Trojaner-Board (https://www.trojaner-board.de/), forum section "Log-Analyse und Auswertung", thread: psysnew.exe (https://www.trojaner-board.de/134051-psysnew-exe.html)

SGC2013 22.04.2013 19:42

psysnew.exe
 
My Avira Free Antivirus says I have a virus:

psysnew.exe

TR/Dropper.Gen

Help :(

OTL Logfile:

OTL logfile created on: 22.04.2013 21:24:15 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Marcus\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16575)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 57,75% Memory free
6,19 Gb Paging File | 4,82 Gb Available in Paging File | 77,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126,37 Gb Total Space | 60,43 Gb Free Space | 47,82% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,62 Gb Free Space | 55,69% Space Free | Partition Type: FAT32
Drive F: | 473,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARCUS-PC | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.22 21:23:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
PRC - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013.01.28 21:16:25 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.01.28 21:16:05 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.01.23 14:33:47 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.01.14 18:40:26 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.01.01 08:07:03 | 000,776,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2008.01.01 08:07:03 | 000,228,864 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopCrawl.exe
PRC - [2007.11.02 13:35:42 | 002,564,096 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
PRC - [2007.11.02 13:31:24 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe
PRC - [2007.11.02 13:31:08 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe
PRC - [2007.10.31 13:35:58 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.10.17 16:42:40 | 000,128,296 | ---- | M] (CyberLink) -- C:\Programme\HomeCinema\Power2Go\CLMLSvc.exe
PRC - [2007.10.16 15:34:32 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmplayer.exe
PRC - [2007.10.16 15:33:15 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.10.15 10:15:08 | 001,410,344 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.10.15 10:14:48 | 000,202,024 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 16:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.18 12:19:02 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2007.09.07 09:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2007.09.06 11:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
PRC - [2007.08.31 11:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2007.04.19 13:11:08 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.04.19 13:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe
PRC - [2007.02.09 21:51:34 | 000,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Programme\HomeCinema\PowerDVD\PDVDServ.exe
PRC - [2007.01.19 12:55:00 | 005,674,352 | ---- | M] (Microsoft Corporation) -- C:\Programme\MSN Messenger\msnmsgr.exe
PRC - [2006.12.26 11:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
PRC - [2006.11.14 15:47:54 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Programme\Common Files\aol\1230201501\ee\aolsoftware.exe
PRC - [2006.11.02 14:35:15 | 001,196,032 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2006.11.02 11:45:39 | 000,150,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2006.10.27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Programme\Common Files\aol\acs\AOLacsd.exe
PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013.03.22 16:08:36 | 002,520,016 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2009.11.03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.11.03 16:51:26 | 000,039,712 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2008.01.01 08:07:03 | 000,036,352 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll
MOD - [2007.11.02 13:36:16 | 000,048,208 | ---- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll
MOD - [2007.11.02 13:35:42 | 002,564,096 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
MOD - [2007.11.02 13:28:16 | 000,434,176 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll
MOD - [2007.11.02 13:28:04 | 001,077,248 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll
MOD - [2007.11.02 13:27:48 | 000,532,480 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll
MOD - [2007.11.02 13:27:40 | 000,061,440 | ---- | M] () -- C:\Programme\Softex\OmniPass\scuredll.dll
MOD - [2007.11.02 13:27:28 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll
MOD - [2007.11.02 13:27:26 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll
MOD - [2007.10.17 16:42:42 | 000,013,096 | ---- | M] () -- C:\Programme\HomeCinema\Power2Go\CLMLSvcPS.dll
MOD - [2007.10.17 16:42:30 | 000,636,200 | ---- | M] () -- C:\Programme\HomeCinema\Power2Go\CLMediaLibrary.dll
MOD - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013.01.28 21:16:25 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.01.28 21:16:05 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.01.01 08:07:04 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2007.11.02 13:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.09.18 12:19:02 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.04.19 13:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2007.01.19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.10.27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Programme\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)
SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\x10ufx2.sys -- (XUIF)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.11.27 11:01:26 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.22 16:51:13 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.11.22 16:50:51 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.12.18 12:31:00 | 007,630,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.08.30 20:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007.08.28 16:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007.08.22 19:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007.08.08 08:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.08.06 13:30:18 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2007.07.31 11:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.06.01 10:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2007.05.25 09:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007.05.25 09:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2007.04.30 13:42:14 | 000,081,408 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.11.01 22:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Delta Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Delta Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=86570015AF7B0CB7
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
 
 
[2013.04.22 21:19:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Programme\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Programme\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found
O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\aol\1230201501\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [psysnew] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [awde7zip19638]  File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197719312979 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBB45861-79BD-4D58-A980-3EC0AE2A0BF8}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-8544844260-9748108731-416439516-1967\winmap.exe) - C:\RECYCLER\S-1-5-21-8544844260-9748108731-416439516-1967\winmap.exe ()
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-7657542222-1822721105-271569067-7071\winmap.exe) - C:\RECYCLER\S-1-5-21-7657542222-1822721105-271569067-7071\winmap.exe ()
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-6334764210-1400428312-820338010-3587\winmap.exe) - C:\RECYCLER\S-1-5-21-6334764210-1400428312-820338010-3587\winmap.exe ()
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-2099290451-0801687248-881637939-6472\winmap.exe) - C:\RECYCLER\S-1-5-21-2099290451-0801687248-881637939-6472\winmap.exe ()
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-5380032843-0092896281-057070281-1725\winmap.exe) - C:\RECYCLER\S-1-5-21-5380032843-0092896281-057070281-1725\winmap.exe ()
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-2216701945-2481984187-441471480-2281\winmap.exe) - C:\RECYCLER\S-1-5-21-2216701945-2481984187-441471480-2281\winmap.exe ()
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-2903814639-9976829197-688286704-2836\winmap.exe) - C:\RECYCLER\S-1-5-21-2903814639-9976829197-688286704-2836\winmap.exe ()
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-5321474537-8582077426-160912201-4937\winmap.exe) - C:\RECYCLER\S-1-5-21-5321474537-8582077426-160912201-4937\winmap.exe ()
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-7198325018-2513435725-211056830-5795\winmap.exe) - C:\RECYCLER\S-1-5-21-7198325018-2513435725-211056830-5795\winmap.exe ()
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-6995904886-7057551055-991548404-1271\winmap.exe) - C:\RECYCLER\S-1-5-21-6995904886-7057551055-991548404-1271\winmap.exe ()
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-9082484802-5576524064-820464265-4388\winmap.exe) - C:\RECYCLER\S-1-5-21-9082484802-5576524064-820464265-4388\winmap.exe ()
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-8811731306-1791562062-211251113-9666\winmap.exe) - C:\RECYCLER\S-1-5-21-8811731306-1791562062-211251113-9666\winmap.exe ()
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-5269631581-0882911761-371335471-7563\winmap.exe) - C:\RECYCLER\S-1-5-21-5269631581-0882911761-371335471-7563\winmap.exe ()
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe ()
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-4541245072-1095995716-033486851-9401\winmap.exe) - C:\RECYCLER\S-1-5-21-4541245072-1095995716-033486851-9401\winmap.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.06.22 14:41:49 | 000,000,150 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1deec2cb-f75a-11dc-8a14-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1deec2cb-f75a-11dc-8a14-806e6f6e6963}\Shell\AutoRun\command - "" = F:\start.exe -- [2011.10.31 16:47:21 | 001,022,832 | R--- | M] (Akademische Arbeitsgemeinschaft Verlag)
O33 - MountPoints2\{26af7607-0fc7-11dd-8b5e-0015af7b0cb7}\Shell\AutoRun\command - "" = G:\RECYCLER\autorun.exe
O33 - MountPoints2\{26af7607-0fc7-11dd-8b5e-0015af7b0cb7}\Shell\open\command - "" = G:\RECYCLER\autorun.exe
O33 - MountPoints2\{4fb9fb39-e1bb-11dd-a6ee-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{4fb9fb39-e1bb-11dd-a6ee-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{77293680-6c15-11df-bf67-00038a000015}\Shell\AutoRun\command - "" = H:\RECYCLER\autorun.exe
O33 - MountPoints2\{77293680-6c15-11df-bf67-00038a000015}\Shell\open\command - "" = H:\RECYCLER\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.22 21:23:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2013.04.22 21:20:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013.04.22 21:20:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013.04.22 21:20:13 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.04.22 21:20:04 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Local Settings
[2013.04.22 21:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.04.22 21:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.04.22 21:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.04.22 21:19:45 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\BabSolution
[2013.04.22 21:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013.04.22 21:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.22 21:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.04.22 21:19:19 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Babylon
[1 C:\Users\Marcus\Desktop\*.tmp files -> C:\Users\Marcus\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.22 21:29:48 | 000,055,302 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\nvModes.dat
[2013.04.22 21:29:15 | 000,055,302 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\nvModes.001
[2013.04.22 21:27:11 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.22 21:27:11 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.22 21:26:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.22 21:26:52 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.22 21:23:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2013.04.22 21:21:12 | 000,000,000 | ---- | M] () -- C:\Users\Marcus\defogger_reenable
[2013.04.22 21:20:39 | 000,050,477 | ---- | M] () -- C:\Users\Marcus\Desktop\Defogger.exe
[2013.04.22 21:18:35 | 000,162,056 | ---- | M] () -- C:\Users\Marcus\Desktop\7ZipSetup.exe
[2013.04.22 21:16:08 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.22 21:16:08 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.22 21:16:08 | 000,121,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.22 21:16:08 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.22 20:45:23 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B19B3ABA-0AF6-4490-8E0D-9518C23D1A00}.job
[1 C:\Users\Marcus\Desktop\*.tmp files -> C:\Users\Marcus\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.22 21:21:12 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\defogger_reenable
[2013.04.22 21:20:37 | 000,050,477 | ---- | C] () -- C:\Users\Marcus\Desktop\Defogger.exe
[2013.04.22 21:18:02 | 000,162,056 | ---- | C] () -- C:\Users\Marcus\Desktop\7ZipSetup.exe
[2009.03.01 18:47:14 | 000,019,433 | ---- | C] () -- C:\Users\Marcus\Kontakte_Handy K800i.ods
[2008.12.27 00:12:09 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Default.PLS
[2008.12.25 23:13:23 | 000,000,680 | ---- | C] () -- C:\Users\Marcus\AppData\Local\d3d9caps.dat
[2008.05.17 18:25:50 | 170,713,244 | ---- | C] () -- C:\Users\Marcus\TempImage.nrg
[2008.03.23 14:34:29 | 000,055,302 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\nvModes.001
[2008.03.23 14:24:19 | 000,055,302 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\nvModes.dat
[2008.03.23 14:22:15 | 000,036,864 | ---- | C] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.23 14:20:54 | 000,009,682 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\wklnhst.dat
[2008.03.23 11:21:06 | 000,000,094 | ---- | C] () -- C:\Users\Marcus\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2007.09.18 13:00:23 | 011,315,200 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2006.11.02 11:46:04 | 000,614,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 11:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.12.24 11:57:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\AAV
[2013.04.22 21:19:51 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\BabSolution
[2013.04.22 21:19:19 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Babylon
[2008.03.23 11:40:31 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Buhl Data Service GmbH
[2011.05.22 10:41:04 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\BullGuard
[2010.07.25 11:40:52 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\MAGIX
[2010.09.26 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Sonavis
[2011.07.03 19:34:59 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\temp
[2008.03.23 22:33:52 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Template
[2008.03.23 15:39:02 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Ulead Systems
 
========== Purity Check ==========
 
 

< End of report >

[2013.04.22 21:20:04 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Local Settings
[2013.04.22 21:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.04.22 21:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.04.22 21:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.04.22 21:19:45 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\BabSolution
[2013.04.22 21:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013.04.22 21:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.22 21:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.04.22 21:19:19 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Babylon
[1 C:\Users\Marcus\Desktop\*.tmp files -> C:\Users\Marcus\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.22 21:29:48 | 000,055,302 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\nvModes.dat
[2013.04.22 21:29:15 | 000,055,302 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\nvModes.001
[2013.04.22 21:27:11 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.22 21:27:11 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.22 21:26:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.22 21:26:52 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.22 21:23:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2013.04.22 21:21:12 | 000,000,000 | ---- | M] () -- C:\Users\Marcus\defogger_reenable
[2013.04.22 21:20:39 | 000,050,477 | ---- | M] () -- C:\Users\Marcus\Desktop\Defogger.exe
[2013.04.22 21:18:35 | 000,162,056 | ---- | M] () -- C:\Users\Marcus\Desktop\7ZipSetup.exe
[2013.04.22 21:16:08 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.22 21:16:08 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.22 21:16:08 | 000,121,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.22 21:16:08 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.22 20:45:23 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B19B3ABA-0AF6-4490-8E0D-9518C23D1A00}.job
[1 C:\Users\Marcus\Desktop\*.tmp files -> C:\Users\Marcus\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.22 21:21:12 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\defogger_reenable
[2013.04.22 21:20:37 | 000,050,477 | ---- | C] () -- C:\Users\Marcus\Desktop\Defogger.exe
[2013.04.22 21:18:02 | 000,162,056 | ---- | C] () -- C:\Users\Marcus\Desktop\7ZipSetup.exe
[2009.03.01 18:47:14 | 000,019,433 | ---- | C] () -- C:\Users\Marcus\Kontakte_Handy K800i.ods
[2008.12.27 00:12:09 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Default.PLS
[2008.12.25 23:13:23 | 000,000,680 | ---- | C] () -- C:\Users\Marcus\AppData\Local\d3d9caps.dat
[2008.05.17 18:25:50 | 170,713,244 | ---- | C] () -- C:\Users\Marcus\TempImage.nrg
[2008.03.23 14:34:29 | 000,055,302 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\nvModes.001
[2008.03.23 14:24:19 | 000,055,302 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\nvModes.dat
[2008.03.23 14:22:15 | 000,036,864 | ---- | C] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.23 14:20:54 | 000,009,682 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\wklnhst.dat
[2008.03.23 11:21:06 | 000,000,094 | ---- | C] () -- C:\Users\Marcus\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2007.09.18 13:00:23 | 011,315,200 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2006.11.02 11:46:04 | 000,614,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 11:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.12.24 11:57:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\AAV
[2013.04.22 21:19:51 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\BabSolution
[2013.04.22 21:19:19 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Babylon
[2008.03.23 11:40:31 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Buhl Data Service GmbH
[2011.05.22 10:41:04 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\BullGuard
[2010.07.25 11:40:52 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\MAGIX
[2010.09.26 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Sonavis
[2011.07.03 19:34:59 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\temp
[2008.03.23 22:33:52 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Template
[2008.03.23 15:39:02 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Ulead Systems
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 22.04.2013 21:24:15 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Marcus\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16575)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 57,75% Memory free
6,19 Gb Paging File | 4,82 Gb Available in Paging File | 77,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126,37 Gb Total Space | 60,43 Gb Free Space | 47,82% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,62 Gb Free Space | 55,69% Space Free | Partition Type: FAT32
Drive F: | 473,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARCUS-PC | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{340E03D2-DC0D-49AF-80B6-188E9CE00B38}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6A5B4DAF-EFA3-45A8-85C9-16D32F583F51}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{866D3D89-1444-4BCB-8D49-B05C427375F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E3CABC93-55C7-4366-8600-D5BE6A938EA8}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022BEC5F-4776-41A9-B273-979091EBF42E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{038FFAEF-FFB6-45B4-9CD0-BC8EBB2E823C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{0B9270C1-A4DD-4513-ABA2-D5BBF6849322}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{0CE8EB4F-F546-4077-8822-F839AACB7B56}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0E21D10D-ACF5-4066-9A56-30F5C15EB709}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{0FA544C2-022C-41BA-B6A5-5B805B984C33}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{100A9B4B-244B-4FE7-9710-746B20E95613}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{1564D45A-36C5-4651-AC87-AD235BB995A7}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{21414FA7-3F37-4E11-8D5C-980CF98F1FE3}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{229ABF05-44A3-4F6B-8381-FF963DB7E1E9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2A6EDD9A-6E35-4B8B-815C-9558E76F3359}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2DB64019-BD71-4119-A123-A370B509CE18}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{3A8A6666-B63A-4061-8932-EDA15C3ED415}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{3FA1A0C0-0B49-4A09-8DDB-73628879A0E6}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{48E7CE66-9B9E-4890-AFC6-C69C1D1B89F3}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{4996F40C-B503-4B7C-982F-ADF240147D6D}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{63656FBA-06A6-4737-8D13-9EF8AC02102E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{6E7F017C-EF61-4FDA-9FD4-6FE7DE0D348E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{6FFF8494-0E19-4671-9942-05AE7DAC0DF5}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{78CD8C35-00DA-49F4-BA61-E1497ECF4258}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{7D691FB8-8F34-46AE-9174-04FAEC1ABCF7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{86855C85-7057-48CC-B530-13403B56DE08}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{94E8C3EB-0148-4519-B8DF-EE03739DE217}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{9A58EDA1-B85D-41A9-A79F-A5021393FD25}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{A6094089-7AFA-4976-AD56-DDF6F01B6DCB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A6BD6985-739D-44DF-89E4-741EEA2C70DB}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{AD22D8F0-A4E6-49BF-90E1-FFA95B67C576}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{AED6F70E-C940-460F-BAAC-25A3DFF802DC}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{BA93C9C4-683A-415F-8BAF-049516488432}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{C6A81927-7D96-4F4A-B3C1-3D7B7D6A1932}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{C83CB898-2925-4057-8B5C-FE49113DE687}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CCB95074-306B-4659-817C-5F2A18CFAA93}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{D15B85CB-08ED-4594-9527-2FB86E63E345}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{E745C705-845A-416A-ACB6-8553028F9045}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{F4F4A35B-4C79-420A-A6B0-9C44A84E5FCB}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{F5D03B60-8258-4644-A679-03E3BE44A3B6}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = YouCam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{53DF73B1-37F5-4B7F-86ED-FA7CC4041031}" = Nero 8 Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}" = InfoBibliothek
"{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.1 - Deutsch
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}" = Steuer-Spar-Erklärung 2008
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D7E7EC5E-4349-4E40-B37C-4342188B86EC}" = Monopoly
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD5B65F7-7CA5-4DE4-AEE7-7E8F26BF78F5}" = OpenOffice.org 2.3
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.91
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}" = CyberLink YouCam
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ALDI Foto Manager Free Nord D" = ALDI Foto Manager Free Nord
"ALDI Foto Service Nord D" = ALDI Foto Service Nord
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice
"ALDI Online Druck Service (Nord)" = ALDI Online Druck Service (Nord)
"AOL Deinstallation" = AOL Deinstallation
"AOL Installations-Manager" = AOL Installations-Manager
"Avira AntiVir Desktop" = Avira Free Antivirus
"bi_uninstaller" = Bundled software uninstaller
"delta" = Delta toolbar 
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KONICA MINOLTA magicolor 2430DL" = KONICA MINOLTA magicolor 2430DL
"MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.02.2013 18:56:45 | Computer Name = Marcus-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 20.02.2013 18:56:45 | Computer Name = Marcus-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 22.04.2013 14:46:31 | Computer Name = Marcus-PC | Source = WerSvc | ID = 5007
Description =
 
Error - 22.04.2013 15:15:02 | Computer Name = Marcus-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 22.04.2013 15:15:02 | Computer Name = Marcus-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 22.04.2013 15:16:06 | Computer Name = Marcus-PC | Source = WerSvc | ID = 5007
Description =
 
Error - 22.04.2013 15:20:19 | Computer Name = Marcus-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 22.04.2013 15:20:20 | Computer Name = Marcus-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 22.04.2013 15:20:20 | Computer Name = Marcus-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 22.04.2013 15:20:23 | Computer Name = Marcus-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ OSession Events ]
Error - 14.08.2010 06:55:36 | Computer Name = Marcus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 16
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 13.12.2010 08:25:41 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 13.12.2010 14:44:13 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 16.12.2010 14:27:46 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 17.12.2010 04:43:42 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 19.12.2010 05:16:35 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 19.12.2010 06:19:49 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 19.12.2010 08:04:35 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 20.12.2010 17:09:33 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 21.12.2010 13:00:22 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 22.12.2010 04:13:43 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

"{2A6EDD9A-6E35-4B8B-815C-9558E76F3359}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2DB64019-BD71-4119-A123-A370B509CE18}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{3A8A6666-B63A-4061-8932-EDA15C3ED415}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{3FA1A0C0-0B49-4A09-8DDB-73628879A0E6}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{48E7CE66-9B9E-4890-AFC6-C69C1D1B89F3}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{4996F40C-B503-4B7C-982F-ADF240147D6D}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{63656FBA-06A6-4737-8D13-9EF8AC02102E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{6E7F017C-EF61-4FDA-9FD4-6FE7DE0D348E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{6FFF8494-0E19-4671-9942-05AE7DAC0DF5}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{78CD8C35-00DA-49F4-BA61-E1497ECF4258}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{7D691FB8-8F34-46AE-9174-04FAEC1ABCF7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{86855C85-7057-48CC-B530-13403B56DE08}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{94E8C3EB-0148-4519-B8DF-EE03739DE217}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{9A58EDA1-B85D-41A9-A79F-A5021393FD25}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{A6094089-7AFA-4976-AD56-DDF6F01B6DCB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A6BD6985-739D-44DF-89E4-741EEA2C70DB}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{AD22D8F0-A4E6-49BF-90E1-FFA95B67C576}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{AED6F70E-C940-460F-BAAC-25A3DFF802DC}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{BA93C9C4-683A-415F-8BAF-049516488432}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{C6A81927-7D96-4F4A-B3C1-3D7B7D6A1932}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{C83CB898-2925-4057-8B5C-FE49113DE687}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CCB95074-306B-4659-817C-5F2A18CFAA93}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{D15B85CB-08ED-4594-9527-2FB86E63E345}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{E745C705-845A-416A-ACB6-8553028F9045}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{F4F4A35B-4C79-420A-A6B0-9C44A84E5FCB}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{F5D03B60-8258-4644-A679-03E3BE44A3B6}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = YouCam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{53DF73B1-37F5-4B7F-86ED-FA7CC4041031}" = Nero 8 Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}" = InfoBibliothek
"{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.1 - Deutsch
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}" = Steuer-Spar-Erklärung 2008
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D7E7EC5E-4349-4E40-B37C-4342188B86EC}" = Monopoly
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD5B65F7-7CA5-4DE4-AEE7-7E8F26BF78F5}" = OpenOffice.org 2.3
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.91
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}" = CyberLink YouCam
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ALDI Foto Manager Free Nord D" = ALDI Foto Manager Free Nord
"ALDI Foto Service Nord D" = ALDI Foto Service Nord
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice
"ALDI Online Druck Service (Nord)" = ALDI Online Druck Service (Nord)
"AOL Deinstallation" = AOL Deinstallation
"AOL Installations-Manager" = AOL Installations-Manager
"Avira AntiVir Desktop" = Avira Free Antivirus
"bi_uninstaller" = Bundled software uninstaller
"delta" = Delta toolbar 
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KONICA MINOLTA magicolor 2430DL" = KONICA MINOLTA magicolor 2430DL
"MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.02.2013 18:56:45 | Computer Name = Marcus-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 20.02.2013 18:56:45 | Computer Name = Marcus-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 22.04.2013 14:46:31 | Computer Name = Marcus-PC | Source = WerSvc | ID = 5007
Description =
 
Error - 22.04.2013 15:15:02 | Computer Name = Marcus-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 22.04.2013 15:15:02 | Computer Name = Marcus-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 22.04.2013 15:16:06 | Computer Name = Marcus-PC | Source = WerSvc | ID = 5007
Description =
 
Error - 22.04.2013 15:20:19 | Computer Name = Marcus-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 22.04.2013 15:20:20 | Computer Name = Marcus-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 22.04.2013 15:20:20 | Computer Name = Marcus-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 22.04.2013 15:20:23 | Computer Name = Marcus-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ OSession Events ]
Error - 14.08.2010 06:55:36 | Computer Name = Marcus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 16
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 13.12.2010 08:25:41 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 13.12.2010 14:44:13 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 16.12.2010 14:27:46 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 17.12.2010 04:43:42 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 19.12.2010 05:16:35 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 19.12.2010 06:19:49 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 19.12.2010 08:04:35 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 20.12.2010 17:09:33 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 21.12.2010 13:00:22 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 22.12.2010 04:13:43 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---

aharonov 22.04.2013 21:08

Hi,

please also make a GMER log:

Download Gmer (click the Download EXE button) and save the program to your desktop.
  • Disable all antivirus programs and malware/spyware scanners.
  • Disconnect all existing connections to a network/the Internet (don't forget WLAN).
  • Please close all other programs.
  • Start gmer.exe (the file has a random file name).
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Should a window open with the following warning
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    then be sure to click No.
  • On the right, remove the check mark at:
    • IAT/EAT
    • Show all
  • On the right, put a check mark at your system partition (normally C:\).
  • Start the scan by clicking Scan.
  • Do nothing at all on the computer while the scan is running!
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop.
  • Then close GMER and immediately restart the computer.
  • Please paste the contents of the log file here into your thread.
Turn the antivirus program and other scanners back on before you go online.

SGC2013 25.04.2013 21:51

Finally.....

after it finished, the following message appeared:

WARNING: GMER has found system modification caused by ROOTKIT activity

GMER Logfile:
Code:

GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-04-24 23:31:16
Windows 6.0.6000  \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.04.0 149,05GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Marcus\AppData\Local\Temp\pxlyypog.sys


---- System - GMER 2.1 ----

SSDT            8AC4EE64                                                                                                                                                                                            ZwClose
SSDT            8AC4EE6E                                                                                                                                                                                            ZwCreateSection
SSDT            8AC4EE5F                                                                                                                                                                                            ZwDuplicateObject
SSDT            8AC4EE00                                                                                                                                                                                            ZwOpenProcess
SSDT            8AC4EE05                                                                                                                                                                                            ZwOpenThread
SSDT            8AC4EE78                                                                                                                                                                                            ZwRequestWaitReplyPort
SSDT            8AC4EE73                                                                                                                                                                                            ZwSetContextThread
SSDT            8AC4EE7D                                                                                                                                                                                            ZwSetSecurityObject
SSDT            8AC4EE82                                                                                                                                                                                            ZwSystemDebugControl
SSDT            8AC4EE0F                                                                                                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                                                                                            section is writeable [0x8E659360, 0x35BF98, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[12] USER32.dll!DialogBoxParamW                                                                          764D129F 5 Bytes  JMP 75AB4720 c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll
.text          C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[280] USER32.dll!DialogBoxParamW                                                                                        764D129F 5 Bytes  JMP 75AB4720 c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll
.text          C:\Windows\system32\agrsmsvc.exe[496] USER32.dll!DialogBoxParamW                                                                                                                                    764D129F 5 Bytes  JMP 75AB4720 c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll
.text          C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[524] USER32.dll!DialogBoxParamW                                                                                                                  764D129F 5 Bytes  JMP 75AB4720 c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll
.text          C:\Windows\system32\wininit.exe[612] USER32.dll!DialogBoxParamW                                                                                                                                    764D129F 5 Bytes  JMP 75AB4720 c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll
.text          ...                                                                                                                                                                                               
.text          C:\Program Files\MSN Messenger\msnmsgr.exe[2148] kernel32.dll!SetUnhandledExceptionFilter                                                                                                          7656D187 5 Bytes  JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe
.text          C:\Program Files\MSN Messenger\msnmsgr.exe[2148] USER32.dll!DialogBoxParamW                                                                                                                        764D129F 5 Bytes  JMP 75AB4720 c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll
.text          C:\Windows\ehome\ehtray.exe[2160] USER32.dll!DialogBoxParamW                                                                                                                                        764D129F 5 Bytes  JMP 75AB4720 c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll
.text          C:\Windows\System32\svchost.exe[2168] USER32.dll!DialogBoxParamW                                                                                                                                    764D129F 5 Bytes  JMP 75AB4720 c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll
.text          C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2196] USER32.dll!DialogBoxParamW                                                                                                    764D129F 5 Bytes  JMP 75AB4720 c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll
.text          C:\Windows\System32\svchost.exe[2200] USER32.dll!DialogBoxParamW                                                                                                                                    764D129F 5 Bytes  JMP 75AB4720 c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll
.text          ...                                                                                                                                                                                               

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                                                              SiWinAcc.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                                                                            Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                                                                            Wdf01000.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                                                                            tcpipBM.SYS
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                                                            fltmgr.sys

---- Processes - GMER 2.1 ----

Process          (*** hidden *** )                                                                                                                                                                                  [4] 84146AB0                                                                             

---- Registry - GMER 2.1 ----

Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing@SessionIdLow                                                                                                              1695963553
Reg            HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@c!s!f!`!j!`!m!`!\22!t!t!r!j!r!s!f!                                                                                              19583823
Reg            HKLM\SOFTWARE\Classes\Installer\Features\3e43b73803c7c394f8a6b2f0402e19c2                                                                                                                         
Reg            HKLM\SOFTWARE\Classes\Installer\Features\3e43b73803c7c394f8a6b2f0402e19c2@VC_Redist                                                                                                               
Reg            HKLM\SOFTWARE\Classes\Installer\Features\3e43b73803c7c394f8a6b2f0402e19c2@Servicing_Key                                                                                                           
Reg            HKLM\SOFTWARE\Classes\Installer\Products\00002119F20000000000000000F01FEC\Patches@Patches                                                                                                          10E57EEBF3DDF5D49BC606E956834D91?
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2                                                                                                                         
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2@ProductName                                                                                                              Microsoft Visual C++ 2005 Redistributable
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2@PackageCode                                                                                                              89402836B2F60B04F9803CF6D2C84E21
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2@Language                                                                                                                  0
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2@Version                                                                                                                  134276921
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2@Assignment                                                                                                                1
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2@AdvertiseFlags                                                                                                            388
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2@InstanceType                                                                                                              0
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2@AuthorizedLUAApp                                                                                                          0
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2@DeploymentFlags                                                                                                          3
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2@Clients                                                                                                                  :?
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList                                                                                                               
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList@PackageName                                                                                                    vcredist.msi
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList@LastUsedSource                                                                                                m;1;F:\data\Microsoft\VCR_2005_SP1\
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media                                                                                                         
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@MediaPackage                                                                                            \data\Microsoft\VCR_2005_SP1\
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@DiskPrompt                                                                                              [1]
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@1                                                                                                        SSE11_1601;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@2                                                                                                        SSE11_1601;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@3                                                                                                        SSE11_1601;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@4                                                                                                        SSE11_1601;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@5                                                                                                        SSE11_1601;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@6                                                                                                        SSE11_1601;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@7                                                                                                        SSE11_1601;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@8                                                                                                        SSE11_1601;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@9                                                                                                        SSE11_1601;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@10                                                                                                      SSE11_1601;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg            HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@11                                                                                                      SSE11_1601;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg            HKLM\SOFTWARE\Classes\Installer\Win32Assemblies\Global@Microsoft.VC80.ATL,type="win32",version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"                      ?Ow9RZHgU?]JKs'xwZC2VC_Redist>pR^pXI`Quoe8MkbIdFwU?
Reg            HKLM\SOFTWARE\Classes\Installer\Win32Assemblies\Global@Microsoft.VC80.CRT,type="win32",version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"                      ?Ow9RZHgU?]JKs'xwZC2VC_Redist>_j0,Y]s!Soe8MkbIdFwU?
Reg            HKLM\SOFTWARE\Classes\Installer\Win32Assemblies\Global@Microsoft.VC80.MFC,type="win32",version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"                      ?Ow9RZHgU?]JKs'xwZC2VC_Redist>!M!&ZZc0%ne8MkbIdFwU?
Reg            HKLM\SOFTWARE\Classes\Installer\Win32Assemblies\Global@Microsoft.VC80.MFCLOC,type="win32",version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"                    ?Ow9RZHgU?]JKs'xwZC2VC_Redist>iE$[M1%.d'e8MkbIdFwU?
Reg            HKLM\SOFTWARE\Classes\Installer\Win32Assemblies\Global@Microsoft.VC80.OpenMP,type="win32",version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"                    ?Ow9RZHgU?]JKs'xwZC2VC_Redist>5o0h,pMvN=e8MkbIdFwU?
Reg            HKLM\SOFTWARE\Classes\Installer\Win32Assemblies\Global@policy.8.0.Microsoft.VC80.ATL,type="win32-policy",version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"    ?Ow9RZHgU?]JKs'xwZC2VC_Redist>6k}pHLH$SDe8MkbIdFwU?
Reg            HKLM\SOFTWARE\Classes\Installer\Win32Assemblies\Global@policy.8.0.Microsoft.VC80.CRT,type="win32-policy",version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"    ?Ow9RZHgU?]JKs'xwZC2VC_Redist>aZO,H*K2`Ee8MkbIdFwU?
Reg            HKLM\SOFTWARE\Classes\Installer\Win32Assemblies\Global@policy.8.0.Microsoft.VC80.MFC,type="win32-policy",version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"    ?Ow9RZHgU?]JKs'xwZC2VC_Redist>=$k`IN]I8Ce8MkbIdFwU?
Reg            HKLM\SOFTWARE\Classes\Installer\Win32Assemblies\Global@policy.8.0.Microsoft.VC80.MFCLOC,type="win32-policy",version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"  ?Ow9RZHgU?]JKs'xwZC2VC_Redist>fr8_l(m2NDe8MkbIdFwU?
Reg            HKLM\SOFTWARE\Classes\Installer\Win32Assemblies\Global@policy.8.0.Microsoft.VC80.OpenMP,type="win32-policy",version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"  ?Ow9RZHgU?]JKs'xwZC2VC_Redist>70-T$!(*&Ne8MkbIdFwU?
Reg            HKLM\SOFTWARE\Classes\Msxml2.DOMDocument.4.0\CLSID@                                                                                                                                                {88d969c0-f192-11d4-a65f-0040963251e5}
Reg            HKLM\SOFTWARE\Classes\Msxml2.DSOControl.4.0\CLSID@                                                                                                                                                  {88d969c4-f192-11d4-a65f-0040963251e5}
Reg            HKLM\SOFTWARE\Classes\Msxml2.FreeThreadedDOMDocument.4.0\CLSID@                                                                                                                                    {88d969c1-f192-11d4-a65f-0040963251e5}
Reg            HKLM\SOFTWARE\Classes\Msxml2.MXHTMLWriter.4.0\CLSID@                                                                                                                                                {88d969c9-f192-11d4-a65f-0040963251e5}
Reg            HKLM\SOFTWARE\Classes\Msxml2.MXNamespaceManager.4.0\CLSID@                                                                                                                                          {88d969d6-f192-11d4-a65f-0040963251e5}
Reg            HKLM\SOFTWARE\Classes\Msxml2.MXXMLWriter.4.0\CLSID@                                                                                                                                                {88d969c8-f192-11d4-a65f-0040963251e5}
Reg            HKLM\SOFTWARE\Classes\Msxml2.SAXAttributes.4.0\CLSID@                                                                                                                                              {88d969ca-f192-11d4-a65f-0040963251e5}
Reg            HKLM\SOFTWARE\Classes\Msxml2.SAXXMLReader.4.0\CLSID@                                                                                                                                                {7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}
Reg            HKLM\SOFTWARE\Classes\Msxml2.ServerXMLHTTP.4.0\CLSID@                                                                                                                                              {88d969c6-f192-11d4-a65f-0040963251e5}
Reg            HKLM\SOFTWARE\Classes\Msxml2.XMLHTTP.4.0\CLSID@                                                                                                                                                    {88d969c5-f192-11d4-a65f-0040963251e5}
Reg            HKLM\SOFTWARE\Classes\Msxml2.XMLSchemaCache.4.0\CLSID@                                                                                                                                              {88d969c2-f192-11d4-a65f-0040963251e5}
Reg            HKLM\SOFTWARE\Classes\Msxml2.XSLTemplate.4.0\CLSID@                                                                                                                                                {88d969c3-f192-11d4-a65f-0040963251e5}
Reg            HKLM\SOFTWARE\Classes\TypeLib\{F5078F18-C551-11D3-89B9-0000F81FE221}\4.0\0\win32@                                                                                                                  C:\Windows\system32\msxml4.dll
Reg            HKLM\SOFTWARE\Classes\TypeLib\{F5078F18-C551-11D3-89B9-0000F81FE221}\4.0\HELPDIR@                                                                                                                  C:\Windows\system32
Reg            HKCU\Software\Microsoft\Windows\CurrentVersion\Run@psysnew                                                                                                                                          C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe(2010-06-29 20:15:47)
Reg            HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Shell                                                                                                                                    C:\RECYCLER\S-1-5-21-8544844260-9748108731-416439516-1967\winmap.exe(2011-07-17 20:45:28)

---- EOF - GMER 2.1 ----

--- --- ---

aharonov 26.04.2013 17:26

Yep, then let's get to it:


Step 1

Please download AdwCleaner and save it to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click on Löschen (Delete).
  • Confirm each prompt with OK.
  • Your computer will be restarted, depending on the severity of the infection possibly several times - this is normal. After the restart a text file will open.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.



Step 2

Warning for anyone reading along:
Combofix should only be run when a team member has explicitly instructed you to do so!


Please download Combofix.
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, do not do anything at all on the computer, not even move the mouse!
  • When Combofix is finished, it will create a log file (C:\Combofix.txt).
  • Please post the contents of this log file in your next reply.

Note: If you receive the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.



Step 3

Please start OTL.exe.
  • Tick the box Scan all Users.
  • Press the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



Please post in your next reply:
  • AdwCleaner log
  • Combofix log
  • OTL log

SGC2013 26.04.2013 20:26

AdwCleaner Logfile:
Code:

# AdwCleaner v2.202 - Datei am 26/04/2013 um 21:15:06 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium  (32 bits)
# Benutzer : Marcus - MARCUS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Marcus\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : BrowserProtect

***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\Program Files\Delta
Ordner Gelöscht : C:\Program Files\Viewpoint
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Viewpoint
Ordner Gelöscht : C:\Users\Marcus\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Marcus\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Marcus\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll
Schlüssel Gelöscht : HKCU\Software\530dbdeb56eea42
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\530dbdeb56eea42
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\Software\MetaStream
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Schlüssel Gelöscht : HKLM\Software\Viewpoint
Schlüssel Gelöscht : HKU\S-1-5-21-4224337704-570406217-1902100241-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6000.16575

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www1.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=86570015AF7B0CB7 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www1.delta-search.com/?affID=119816&babsrc=NT_ss&mntrId=86570015AF7B0CB7 --> hxxp://www.google.com

*************************

AdwCleaner[S1].txt - [7191 octets] - [26/04/2013 21:15:06]

########## EOF - C:\AdwCleaner[S1].txt - [7251 octets] ##########

--- --- ---

aharonov 26.04.2013 21:06

Yep, OK so far.

SGC2013 26.04.2013 21:21

Combofix Logfile:
Code:

ComboFix 13-04-26.01 - Marcus 26.04.2013  21:51:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.49.1031.18.3070.1723 [GMT 2:00]
ausgeführt von:: c:\users\Marcus\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-03-26 bis 2013-04-26  ))))))))))))))))))))))))))))))
.
.
2013-04-26 19:15 . 2013-04-26 19:16        97        ----a-w-        c:\windows\DeleteOnReboot.bat
2013-04-24 16:03 . 2013-04-24 16:03        171520        ----a-w-        c:\windows\system32\wintrust.dll
2013-04-24 16:02 . 2013-04-24 16:02        454656        ----a-w-        c:\program files\Common Files\System\msadc\msadce.dll
2013-04-24 16:01 . 2013-04-24 16:01        293376        ----a-w-        c:\windows\system32\browserchoice.exe
2013-04-24 15:59 . 2013-04-24 15:59        97792        ----a-w-        c:\windows\system32\cabview.dll
2013-04-24 15:57 . 2013-04-24 15:57        396800        ----a-w-        c:\windows\system32\drivers\http.sys
2013-04-24 15:57 . 2013-04-24 15:57        31232        ----a-w-        c:\windows\system32\httpapi.dll
2013-04-24 15:57 . 2013-04-24 15:57        24064        ----a-w-        c:\windows\system32\nshhttp.dll
2013-04-22 20:15 . 2013-04-17 04:31        6906960        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5A19743-3A57-4D04-82DC-959B69164881}\mpengine.dll
2013-04-22 20:15 . 2013-03-11 23:10        237088        ------w-        c:\windows\system32\MpSigStub.exe
2013-04-22 19:20 . 2013-04-22 19:20        --------        d-----w-        c:\windows\system32\searchplugins
2013-04-22 19:20 . 2013-04-22 19:20        --------        d-----w-        c:\windows\system32\Extensions
2013-04-22 19:20 . 2013-04-22 19:20        --------        d-----w-        c:\program files\7-Zip
2013-04-22 19:19 . 2013-04-22 19:19        --------        d-----w-        c:\programdata\BrowserProtect
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-04-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"CLMLServer"="c:\program files\HomeCinema\Power2Go\CLMLSvc.exe" [2007-10-17 128296]
"RemoteControl"="c:\program files\HomeCinema\PowerDVD\PDVDServ.exe" [2007-02-09 71216]
"LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-11-02 2564096]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-18 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-18 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-18 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-01 220160]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"HostManager"="c:\program files\Common Files\AOL\1230201501\ee\AOLSoftware.exe" [2006-11-14 50736]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-25 c:\windows\Tasks\User_Feed_Synchronization-{B19B3ABA-0AF6-4490-8E0D-9518C23D1A00}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-HotKeysCmds - c:\windows\system32\hkcmd.exe
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4224337704-570406217-1902100241-1003\Software\SecuROM\License information*]
"datasecu"=hex:e2,4f,9d,52,65,e3,3f,1e,12,1a,bd,bd,13,df,ee,28,ee,1f,81,bb,80,
  21,ae,48,d7,9a,e3,28,46,99,e6,b8,f3,9a,19,14,12,ea,87,02,2d,9b,9f,8d,2f,52,\
"rkeysecu"=hex:f2,5b,9a,dc,c6,e8,10,65,ab,f7,eb,f8,c8,5d,c1,a2
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Softex\OmniPass\OmniServ.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\common files\gnab\service\servicecontroller.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Medion\MEDIONbox\Program\GCS.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WerCon.exe
c:\windows\system32\conime.exe
c:\program files\Softex\OmniPass\opvapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-26  22:12:37 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-04-26 20:12
.
Vor Suchlauf: 7 Verzeichnis(se), 62.387.937.280 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 62.841.339.904 Bytes frei
.
- - End Of File - - A2B7FB88E93768D82B2521AC3C16A92D

--- --- ---


OTL Logfile:
Code:

OTL logfile created on: 26.04.2013 22:23:14 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Marcus\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16575)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,30% Memory free
6,17 Gb Paging File | 5,14 Gb Available in Paging File | 83,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126,37 Gb Total Space | 58,49 Gb Free Space | 46,29% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,62 Gb Free Space | 55,69% Space Free | Partition Type: FAT32
Drive F: | 473,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARCUS-PC | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.22 21:23:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
PRC - [2013.04.22 21:16:32 | 000,277,104 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2009.02.03 04:07:18 | 000,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10b.exe
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.01.01 08:07:03 | 000,776,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2008.01.01 08:07:03 | 000,228,864 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopCrawl.exe
PRC - [2007.12.15 13:28:39 | 000,625,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2007.12.15 13:28:37 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieuser.exe
PRC - [2007.11.02 13:35:42 | 002,564,096 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
PRC - [2007.11.02 13:31:24 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe
PRC - [2007.11.02 13:31:08 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe
PRC - [2007.10.31 13:35:58 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.10.17 16:42:40 | 000,128,296 | ---- | M] (CyberLink) -- C:\Programme\HomeCinema\Power2Go\CLMLSvc.exe
PRC - [2007.10.16 15:33:15 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.10.15 10:15:08 | 001,410,344 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.10.15 10:14:48 | 000,202,024 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 16:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2007.09.07 09:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2007.09.06 11:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
PRC - [2007.08.31 11:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2007.04.19 13:11:08 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.04.19 13:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe
PRC - [2007.02.09 21:51:34 | 000,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Programme\HomeCinema\PowerDVD\PDVDServ.exe
PRC - [2006.12.26 11:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
PRC - [2006.11.14 15:47:54 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Programme\Common Files\aol\1230201501\ee\aolsoftware.exe
PRC - [2006.11.02 14:35:15 | 001,196,032 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2006.11.02 11:45:59 | 000,116,736 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2006.10.27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Programme\Common Files\aol\acs\AOLacsd.exe
PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.11.03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.11.03 16:51:26 | 000,039,712 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2008.01.01 08:07:03 | 000,036,352 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll
MOD - [2007.11.02 13:36:16 | 000,048,208 | ---- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll
MOD - [2007.11.02 13:35:42 | 002,564,096 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
MOD - [2007.11.02 13:28:16 | 000,434,176 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll
MOD - [2007.11.02 13:28:04 | 001,077,248 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll
MOD - [2007.11.02 13:27:48 | 000,532,480 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll
MOD - [2007.11.02 13:27:40 | 000,061,440 | ---- | M] () -- C:\Programme\Softex\OmniPass\scuredll.dll
MOD - [2007.11.02 13:27:28 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll
MOD - [2007.11.02 13:27:26 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll
MOD - [2007.10.17 16:42:42 | 000,013,096 | ---- | M] () -- C:\Programme\HomeCinema\Power2Go\CLMLSvcPS.dll
MOD - [2007.10.17 16:42:30 | 000,636,200 | ---- | M] () -- C:\Programme\HomeCinema\Power2Go\CLMediaLibrary.dll
MOD - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.01.01 08:07:04 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2007.11.02 13:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.09.18 12:19:02 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.04.19 13:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.10.27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Programme\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)
SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\x10ufx2.sys -- (XUIF)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2007.12.18 12:31:00 | 007,630,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.08.30 20:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007.08.28 16:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007.08.22 19:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007.08.08 08:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.08.06 13:30:18 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2007.07.31 11:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.06.01 10:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2007.05.25 09:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007.05.25 09:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2007.04.30 13:42:14 | 000,081,408 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.11.01 22:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA_deDE533
IE - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
 
 
[2013.04.22 21:19:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2013.04.26 22:07:30 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\aol\1230201501\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKU\S-1-5-21-4224337704-570406217-1902100241-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-4224337704-570406217-1902100241-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197719312979 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBB45861-79BD-4D58-A980-3EC0AE2A0BF8}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - c:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.06.22 14:41:49 | 000,000,150 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.26 22:12:40 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\temp
[2013.04.26 22:07:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.26 21:47:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.26 21:47:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.26 21:47:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2013.04.26 21:47:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.26 21:29:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.26 21:28:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.26 21:27:03 | 005,059,946 | R--- | C] (Swearware) -- C:\Users\Marcus\Desktop\ComboFix.exe
[2013.04.22 21:23:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2013.04.22 21:20:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013.04.22 21:20:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013.04.22 21:20:04 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Local Settings
[2013.04.22 21:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.04.22 21:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.04.22 21:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.04.22 21:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Users\Marcus\Desktop\*.tmp files -> C:\Users\Marcus\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.26 22:24:54 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.26 22:24:54 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.26 22:24:54 | 000,121,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.26 22:24:54 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.26 22:17:42 | 000,055,302 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\nvModes.001
[2013.04.26 22:17:18 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 22:17:18 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 22:17:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.26 22:17:03 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.26 22:07:30 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.26 21:37:41 | 000,055,302 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\nvModes.dat
[2013.04.26 21:27:31 | 005,059,946 | R--- | M] (Swearware) -- C:\Users\Marcus\Desktop\ComboFix.exe
[2013.04.26 21:16:11 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.26 21:05:43 | 000,619,461 | ---- | M] () -- C:\Users\Marcus\Desktop\adwcleaner.exe
[2013.04.25 22:56:11 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B19B3ABA-0AF6-4490-8E0D-9518C23D1A00}.job
[2013.04.25 22:40:30 | 000,001,593 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2013.04.25 22:37:44 | 000,465,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.24 17:09:34 | 291,601,370 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.22 22:13:05 | 000,377,856 | ---- | M] () -- C:\Users\Marcus\Desktop\gmer_2.1.19163.exe
[2013.04.22 21:23:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2013.04.22 21:21:12 | 000,000,000 | ---- | M] () -- C:\Users\Marcus\defogger_reenable
[2013.04.22 21:20:39 | 000,050,477 | ---- | M] () -- C:\Users\Marcus\Desktop\Defogger.exe
[2013.04.22 21:18:35 | 000,162,056 | ---- | M] () -- C:\Users\Marcus\Desktop\7ZipSetup.exe
[1 C:\Users\Marcus\Desktop\*.tmp files -> C:\Users\Marcus\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.26 21:47:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.26 21:47:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.26 21:47:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.26 21:47:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.26 21:47:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.26 21:15:42 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.26 21:05:23 | 000,619,461 | ---- | C] () -- C:\Users\Marcus\Desktop\adwcleaner.exe
[2013.04.25 22:40:30 | 000,001,593 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2013.04.22 22:13:02 | 000,377,856 | ---- | C] () -- C:\Users\Marcus\Desktop\gmer_2.1.19163.exe
[2013.04.22 21:21:12 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\defogger_reenable
[2013.04.22 21:20:37 | 000,050,477 | ---- | C] () -- C:\Users\Marcus\Desktop\Defogger.exe
[2013.04.22 21:18:02 | 000,162,056 | ---- | C] () -- C:\Users\Marcus\Desktop\7ZipSetup.exe
[2009.03.01 18:47:14 | 000,019,433 | ---- | C] () -- C:\Users\Marcus\Kontakte_Handy K800i.ods
[2008.12.27 00:12:09 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Default.PLS
[2008.12.25 23:13:23 | 000,000,680 | ---- | C] () -- C:\Users\Marcus\AppData\Local\d3d9caps.dat
[2008.05.17 18:25:50 | 170,713,244 | ---- | C] () -- C:\Users\Marcus\TempImage.nrg
[2008.03.23 14:34:29 | 000,055,302 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\nvModes.001
[2008.03.23 14:24:19 | 000,055,302 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\nvModes.dat
[2008.03.23 14:22:15 | 000,036,864 | ---- | C] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.23 14:20:54 | 000,009,682 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\wklnhst.dat
[2008.03.23 11:21:06 | 000,000,094 | ---- | C] () -- C:\Users\Marcus\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2007.09.18 13:00:23 | 011,315,200 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2006.11.02 11:46:04 | 000,614,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 11:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.12.24 11:57:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\AAV
[2008.03.23 11:40:31 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Buhl Data Service GmbH
[2011.05.22 10:41:04 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\BullGuard
[2010.07.25 11:40:52 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\MAGIX
[2010.09.26 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Sonavis
[2011.07.03 19:34:59 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\temp
[2008.03.23 22:33:52 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Template
[2008.03.23 15:39:02 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Ulead Systems
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

aharonov 26.04.2013 22:06

Hello,

Have you uninstalled Avira in the meantime??
And have you had anything deleted since the last OTL log? If so, is there a log file for it?

SGC2013 27.04.2013 16:49

Yes, I had to uninstall Avira, since otherwise ComboFix couldn't work.
Even though I had disabled Avira, the program kept getting blocked.

After uninstalling it, ComboFix was able to run.
Then I created the OTL log ...

What's next?

aharonov 27.04.2013 17:15

But did you let Avira delete anything else after you posted the first logs here?

SGC2013 27.04.2013 19:45

No, only Avira.

Should I repeat one of the intermediate steps?

aharonov 28.04.2013 10:47

Could you please repeat the Gmer scan from the very beginning once more and post the new log?

SGC2013 29.04.2013 17:45

I'm on it right now ... it can only be a matter of hours.

aharonov 29.04.2013 19:56

Hehe, ok. :)

SGC2013 03.05.2013 15:55

So .... by now I've made what feels like 100 attempts to let gmer run through. Unfortunately the computer freezes every time and nothing works anymore. Could we maybe try something else?

aharonov 03.05.2013 16:00

Yes:


Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow internet access.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instruction

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


SGC2013 03.05.2013 16:30

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-03 17:09:52
-----------------------------
17:09:52.049 OS Version: Windows 6.0.6000
17:09:52.049 Number of processors: 2 586 0xF0D
17:09:52.049 ComputerName: MARCUS-PC UserName: Marcus
17:09:53.312 Initialize success
17:11:44.781 AVAST engine defs: 13050300
17:13:03.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:13:03.093 Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3
17:13:03.249 Disk 0 MBR read successfully
17:13:03.249 Disk 0 MBR scan
17:13:03.264 Disk 0 Windows VISTA default MBR code
17:13:03.264 Disk 0 Partition - 00 0F Extended LBA 23218 MB offset 265024305
17:13:03.280 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 129406 MB offset 63
17:13:03.311 Disk 0 Partition 2 00 0B FAT32 MSDOS5.0 23218 MB offset 265024368
17:13:03.327 Disk 0 scanning sectors +312576705
17:13:03.405 Disk 0 scanning C:\Windows\system32\drivers
17:13:18.256 Service scanning
17:13:50.751 Modules scanning
17:13:55.649 Disk 0 trace - called modules:
17:13:55.696 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
17:13:55.696 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84f7b268]
17:13:55.712 3 ntkrnlpa.exe[820b07e2] -> nt!IofCallDriver -> [0x8457a670]
17:13:55.727 5 acpi.sys[8046932a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84580030]
17:13:57.506 AVAST engine scan C:\Windows
17:14:03.839 AVAST engine scan C:\Windows\system32
17:18:30.194 AVAST engine scan C:\Windows\system32\drivers
17:18:51.207 AVAST engine scan C:\Users\Marcus
17:25:50.894 AVAST engine scan C:\ProgramData
17:28:25.006 Scan finished successfully
17:30:10.353 Disk 0 MBR has been saved successfully to "C:\Users\Marcus\Desktop\MBR.dat"
17:30:10.368 The log file has been saved successfully to "C:\Users\Marcus\Desktop\aswMBR.txt"

aharonov 03.05.2013 21:59

Ok, then continue like this:


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the Malwarebytes Anti-Rootkit guide
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper

SGC2013 05.05.2013 18:23

so ... the scan is finished.

Result:

Scan Finished: no malware found!

exit or previous ???


What does that mean now???

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.04.06

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16575
Marcus :: MARCUS-PC [administrator]

04.05.2013 18:19:01
mbar-log-2013-05-04 (18-19-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27596
Time elapsed: 36 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

_________________________________________________________


Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.05.05

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16575
Marcus :: MARCUS-PC [administrator]

05.05.2013 19:17:10
mbar-log-2013-05-05 (19-17-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27564
Time elapsed: 22 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I NEVER PRESSED THE CLEAN UP BUTTON .... only scan

aharonov 06.05.2013 09:33

Ok, to be on the safe side, let's quickly check like this:


Please download Farbar Recovery Scan Tool 32-Bit and save it to a USB stick (not in a subfolder!).
Connect the USB stick to the infected computer.

You now need to boot the system into the System Recovery Options:
Option 1 - Via the boot manager
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair your computer.
  • Select your operating system and user account and click Next each time.

or

Option 2 - With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click Next.
  • Click Repair your computer.
  • Select your operating system and user account and click Next each time.

Once you are in the recovery options, select Command Prompt.
  • Now type notepad and press Enter.
    • A text document opens. Click File -> Save As and select Computer.
    • Read off the drive letter of your USB stick there (e.g. e:\).
    • Close Notepad again.
  • Now type the following command and press Enter:
    e:\frst.exe
    Note: e stands for the drive letter of your USB stick. If it is a different letter on your system, adjust the command accordingly.
  • Accept the disclaimer with Yes and click Scan.
The tool creates a file FRST.txt on your USB stick. Please post its contents here.
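
The FRST.txt these steps produce is read by eye in this thread; the Python below is an added triage helper, not FRST's own code and not part of any post here, and its flag categories are the example's own. It parses the entry formats that appear in the FRST log posted further down (Run keys, services and drivers, Winlogon\Notify, the one-month file list) and lists what a helper checks first: entries whose target file is missing ("[x]"), autostarts with no publisher ("()"), and recently created executables without a publisher; the sample lines are excerpted from that posted log.

```python
r"""Triage helper for FRST.txt: flag the lines a log helper looks at first.

Added example, not part of FRST or of this thread. Formats are those visible in
the FRST log posted in the thread ("[x]" = file not found on disk, "()" = the
file carries no publisher name):
  HKLM\...\Run: [Name] "C:\path\x.exe" -arg [size yyyy-mm-dd] (Publisher)
  S2 Name; C:\path\x.exe [size yyyy-mm-dd] (Publisher)
  Winlogon\Notify\Name: x.dll [size yyyy-mm-dd] (Publisher)
  yyyy-mm-dd hh:mm - yyyy-mm-dd hh:mm - size ____A (Publisher) C:\path\x
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Tail shared by Run/service/notify entries: "[size date] (publisher)" or "[x]".
_TAIL = (r'(?:\[(?P<size>\d*) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<pub>[^)]*)\)'
         r'|\[(?P<missing>[xX])\])\s*$')
RUN_RE = re.compile(r'^HK\S*?\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.*?) ' + _TAIL)
SVC_RE = re.compile(r'^[SR][0-4] (?P<name>[^;]+); (?P<path>.*?) ' + _TAIL)
NOTIFY_RE = re.compile(r'^Winlogon\\Notify\\(?P<name>[^:]+): (?P<path>.*?) ' + _TAIL)
FILE_RE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - '
    r'(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<pub>[^)]*)\) )?(?P<path>\S.*?)\s*$')

# Reasons returned by triage(): leads for a helper to check by hand, not verdicts
# (ComboFix's own unsigned tools, for instance, show up under NEW_UNSIGNED).
ORPHANED = "orphaned entry: target file not on disk"
NO_PUBLISHER = "autostart/service without publisher"
NEW_UNSIGNED = "recently created executable without publisher"
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl", ".ax", ".acm")


@dataclass
class Entry:
    kind: str            # "run", "service", "notify" or "file"
    name: str            # Run value name, service name, or file basename
    path: str            # command line / path exactly as FRST printed it
    image: str           # executable path with surrounding quotes removed
    publisher: str       # "" when FRST printed "()" or no publisher at all
    missing: bool        # True when FRST printed "[x]" / "[X]"
    date: Optional[str]  # file date FRST recorded (yyyy-mm-dd), if any


def _image(cmd: str) -> str:
    """Quoted command lines may carry arguments after the closing quote."""
    if cmd.startswith('"') and cmd.count('"') >= 2:
        return cmd[1:cmd.index('"', 1)]
    return cmd


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST.txt line into an Entry; None for lines of other formats."""
    line = line.rstrip()
    for kind, rx in (("run", RUN_RE), ("service", SVC_RE), ("notify", NOTIFY_RE)):
        m = rx.match(line)
        if m:
            return Entry(kind, m["name"], m["path"], _image(m["path"]),
                         (m["pub"] or "").strip(), m["missing"] is not None, m["date"])
    m = FILE_RE.match(line)
    if m:
        return Entry("file", m["path"].rsplit("\\", 1)[-1], m["path"], m["path"],
                     (m["pub"] or "").strip(), False, m["created"])
    return None


def triage(lines: Iterable[str]) -> List[Tuple[str, Entry]]:
    """Return (reason, entry) pairs in log order."""
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if e.missing:
            findings.append((ORPHANED, e))
        elif e.kind != "file" and not e.publisher:
            findings.append((NO_PUBLISHER, e))
        elif e.kind == "file" and not e.publisher and e.image.lower().endswith(EXEC_EXT):
            findings.append((NEW_UNSIGNED, e))
    return findings


# Sample input: lines excerpted from the FRST log posted in this thread.
SAMPLE_FRST = r"""
HKLM\...\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-31] (Synaptics, Inc.)
HKLM\...\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" [32768 2007-09-01] ()
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [220160 2008-01-01] (Google)
HKLM\...\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe [16896 2007-02-09] ( )
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\Marcus\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2006-11-02] (Microsoft Corporation)
S2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
2013-05-06 20:02 - 2013-05-06 20:02 - 00211968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2013-05-05 21:40 - 2013-05-05 21:40 - 01657350 ____A C:\Windows\System32\wlan.tmf
2013-04-26 20:47 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
"""

if __name__ == "__main__":
    for reason, e in triage(SAMPLE_FRST.splitlines()):
        print(f"{reason:48} {e.kind:8} {e.name:24} {e.image}")
```

Run against a full FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace"))`; an entry flagged as orphaned is usually a leftover from an uninstalled program, while a no-publisher hit only says the file needs to be identified by hand.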

SGC2013 06.05.2013 20:24

Will all my data remain / be preserved ??

Repair your computer doesn't exist on my system ..

I have ..


Safe Mode
Safe Mode with Networking
Safe Mode with Command Prompt
Enable Boot Logging
Enable low-resolution video
Last Known Good Configuration
Directory Services Restore Mode
Debugging Mode
Disable automatic restart on system failure
Disable Driver Signature Enforcement
Start Windows Normally

... what now?

aharonov 07.05.2013 01:56

And you don't have a Windows CD for "Option 2 - With the Windows CD/DVD"?

SGC2013 07.05.2013 16:48

Yes, I have that too. But it will take 2-3 days until I'm back home ... :) Then I'll try option 2? All my data and files will be preserved though?

aharonov 07.05.2013 17:45

Ok, that's fine.
Your data/files will be preserved.

SGC2013 12.05.2013 15:43

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-05-2013 01
Ran by SYSTEM on 12-05-2013 16:37:18
Running from F:\
Windows Vista (TM) Home Premium (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-31] (Synaptics, Inc.)
HKLM\...\Run: [PLFSetL] C:\Windows\PLFSetL.exe [94208 2007-07-05] (sonix)
HKLM\...\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" [32768 2007-09-01] ()
HKLM\...\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" [188416 2007-09-06] (Wistron)
HKLM\...\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe" [180224 2006-12-26] (Wistron Corp.)
HKLM\...\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" [86016 2007-09-07] (Wistron)
HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [CLMLServer] "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe" [128296 2007-10-17] (CyberLink)
HKLM\...\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe" [71216 2007-02-09] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe" [52256 2007-01-08] ()
HKLM\...\Run: [UCam_Menu] "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0" [222504 2007-09-13] (CyberLink Corp.)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe [2564096 2007-11-02] ()
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [86016 2007-12-18] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8501792 2007-12-18] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [81920 2007-12-18] (NVIDIA Corporation)
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [220160 2008-01-01] (Google)
HKLM\...\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe [16896 2007-02-09] ( )
HKLM\...\Run: [HostManager] C:\Program Files\Common Files\AOL\1230201501\ee\AOLSoftware.exe [50736 2006-11-14] (America Online, Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [141600 2009-11-12] (Apple Inc.)
HKLM\...\Winlogon: [System]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\Marcus\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [x]
HKU\Marcus\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2006-11-02] (Microsoft Corporation)
HKU\Marcus\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]

========================== Services (Whitelisted) =================

S2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
S2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-19] (Empolis GmbH)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [69120 2008-01-01] (Google)
S2 omniserv; C:\Program Files\Softex\OmniPass\OmniServ.exe [40960 2007-11-02] (Softex Inc.)
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1681408 2007-08-16] (Buhl Data Service GmbH)
S3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2007-09-11] (Wistron Corp.)

==================== Drivers (Whitelisted) ====================

S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146560 2007-08-28] (AuthenTec, Inc.)
S3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [805416 2007-08-30] (Bison Electronics. Inc. )
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. )
S1 Hotkey; C:\Windows\System32\Drivers\Hotkey.sys [9867 2003-04-28] ()
S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)
S0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [210736 2007-06-01] (Silicon Image, Inc)
S0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17328 2007-05-25] (Silicon Image, Inc.)
S0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12464 2007-05-25] (Silicon Image, Inc.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749760 2007-08-22] ()
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (America Online, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCASp50; System32\Drivers\PCASp50.sys [x]
S3 XUIF; System32\Drivers\x10ufx2.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-12 16:37 - 2013-05-12 16:37 - 00000000 ____D C:\FRST
2013-05-06 20:02 - 2013-05-06 20:02 - 00211968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2013-05-06 20:02 - 2013-05-06 20:02 - 00102400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2013-05-06 20:02 - 2013-05-06 20:02 - 00058368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2013-05-06 20:00 - 2013-05-06 20:00 - 00268800 ____A (Microsoft Corporation) C:\Windows\System32\es.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 06067200 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 03599360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 02452872 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-05 21:50 - 2013-05-05 21:50 - 01830912 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-05 21:50 - 2013-05-05 21:50 - 01383424 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-05 21:50 - 2013-05-05 21:50 - 01168384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00832512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00671232 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00477696 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00459264 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00389120 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-05 21:50 - 2013-05-05 21:50 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00380928 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00268288 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00214528 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00124928 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00078336 ____A (Microsoft Corporation) C:\Windows\System32\ieencode.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00072704 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-05 21:50 - 2013-05-05 21:50 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00056320 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00026624 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-05 21:46 - 2013-05-05 21:46 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\IPSECSVC.DLL
2013-05-05 21:46 - 2013-05-05 21:46 - 00272896 ____A (Microsoft Corporation) C:\Windows\System32\polstore.dll
2013-05-05 21:46 - 2013-05-05 21:46 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\winipsec.dll
2013-05-05 21:46 - 2013-05-05 21:46 - 00028672 ____A (Microsoft Corporation) C:\Windows\System32\FwRemoteSvr.dll
2013-05-05 21:45 - 2013-05-05 21:45 - 00241152 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceApi.dll
2013-05-05 21:45 - 2013-05-05 21:45 - 00160768 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceTypes.dll
2013-05-05 21:45 - 2013-05-05 21:45 - 00095232 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceClassExtension.dll
2013-05-05 21:43 - 2013-05-05 21:43 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\netiohlp.dll
2013-05-05 21:43 - 2013-05-05 21:43 - 00027136 ____A (Microsoft Corporation) C:\Windows\System32\NETSTAT.EXE
2013-05-05 21:43 - 2013-05-05 21:43 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\ARP.EXE
2013-05-05 21:43 - 2013-05-05 21:43 - 00017920 ____A (Microsoft Corporation) C:\Windows\System32\ROUTE.EXE
2013-05-05 21:43 - 2013-05-05 21:43 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2013-05-05 21:43 - 2013-05-05 21:43 - 00011264 ____A (Microsoft Corporation) C:\Windows\System32\MRINFO.EXE
2013-05-05 21:43 - 2013-05-05 21:43 - 00010240 ____A (Microsoft Corporation) C:\Windows\System32\finger.exe
2013-05-05 21:43 - 2013-05-05 21:43 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
2013-05-05 21:43 - 2013-05-05 21:43 - 00008704 ____A (Microsoft Corporation) C:\Windows\System32\HOSTNAME.EXE
2013-05-05 21:41 - 2013-05-05 21:41 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2013-05-05 21:41 - 2013-05-05 21:41 - 00110080 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2013-05-05 21:40 - 2013-05-05 21:40 - 01657350 ____A C:\Windows\System32\wlan.tmf
2013-05-05 21:40 - 2013-05-05 21:40 - 00502272 ____A (Microsoft Corporation) C:\Windows\System32\wlansvc.dll
2013-05-05 21:40 - 2013-05-05 21:40 - 00297984 ____A (Microsoft Corporation) C:\Windows\System32\wlansec.dll
2013-05-05 21:40 - 2013-05-05 21:40 - 00290816 ____A (Microsoft Corporation) C:\Windows\System32\wlanmsm.dll
2013-05-05 21:40 - 2013-05-05 21:40 - 00123904 ____A (Microsoft Corporation) C:\Windows\System32\L2SecHC.dll
2013-05-05 21:40 - 2013-05-05 21:40 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\wlanhlp.dll
2013-05-05 21:40 - 2013-05-05 21:40 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\wlanapi.dll
2013-05-05 21:39 - 2013-05-05 21:39 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2013-05-05 21:37 - 2013-05-05 21:37 - 02855424 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2013-05-05 21:37 - 2013-05-05 21:37 - 02433536 ____A (Microsoft Corporation) C:\Windows\System32\WMVCORE.DLL
2013-05-05 21:37 - 2013-05-05 21:37 - 00098816 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2013-05-05 21:37 - 2013-05-05 21:37 - 00052736 ____A (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe
2013-05-05 21:37 - 2013-05-05 21:37 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2013-05-05 21:37 - 2013-05-05 21:37 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\mferror.dll
2013-05-05 21:36 - 2013-05-05 21:36 - 00376832 ____A (Microsoft Corporation) C:\Windows\System32\winhttp.dll
2013-05-05 21:34 - 2013-05-05 21:34 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-05 21:33 - 2013-05-05 21:33 - 00297472 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-05-05 21:32 - 2013-05-05 21:32 - 01060920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-05-05 21:32 - 2013-05-05 21:32 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\monitor.sys
2013-05-05 21:30 - 2013-05-05 21:30 - 00500736 ____A (Microsoft Corporation) C:\Windows\System32\msdtcprx.dll
2013-05-05 21:30 - 2013-05-05 21:30 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\xolehlp.dll
2013-05-05 21:29 - 2013-05-05 21:29 - 00156160 ____A (Microsoft Corporation) C:\Windows\System32\wkssvc.dll
2013-05-05 21:28 - 2013-05-05 21:28 - 00303616 ____A (Microsoft Corporation) C:\Windows\System32\wmpeffects.dll
2013-05-05 21:26 - 2013-05-05 21:26 - 01194496 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-05-05 21:26 - 2013-05-05 21:26 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2013-05-05 21:25 - 2013-05-05 21:25 - 00713728 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2013-05-05 21:24 - 2013-05-05 21:24 - 00425472 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2013-05-05 21:20 - 2013-05-05 21:20 - 01244672 ____A (Microsoft Corporation) C:\Windows\System32\mcmde.dll
2013-05-05 21:20 - 2013-05-05 21:20 - 00428032 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2013-05-05 21:20 - 2013-05-05 21:20 - 00292352 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2013-05-05 21:20 - 2013-05-05 21:20 - 00217088 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2013-05-05 21:20 - 2013-05-05 21:20 - 00177152 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
2013-05-05 21:20 - 2013-05-05 21:20 - 00080896 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
2013-05-05 21:20 - 2013-05-05 21:20 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
2013-05-05 21:20 - 2013-05-05 21:20 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
2013-05-05 21:17 - 2013-05-05 21:17 - 11315712 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-05 21:15 - 2013-05-05 21:15 - 00696832 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2013-05-05 21:14 - 2013-05-05 21:14 - 00211000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2013-05-05 21:14 - 2013-05-05 21:14 - 00154624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys
2013-05-05 21:14 - 2013-05-05 21:14 - 00110136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2013-05-05 21:14 - 2013-05-05 21:14 - 00045112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pciidex.sys
2013-05-05 21:14 - 2013-05-05 21:14 - 00021560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\atapi.sys
2013-05-05 21:14 - 2013-05-05 21:14 - 00017976 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\intelide.sys
2013-05-05 21:13 - 2013-05-05 21:13 - 01233920 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-05-05 21:13 - 2013-05-05 21:13 - 00494592 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-05-05 21:13 - 2013-05-05 21:13 - 00408136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-05-05 21:13 - 2013-05-05 21:13 - 00272384 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-05-05 21:13 - 2013-05-05 21:13 - 00175104 ____A (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2013-05-05 21:13 - 2013-05-05 21:13 - 00072704 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-05-05 21:13 - 2013-05-05 21:13 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-05-05 21:12 - 2013-05-05 21:12 - 00024064 ____A (Microsoft Corporation) C:\Windows\System32\netcfg.exe
2013-05-05 20:57 - 2013-05-05 20:57 - 00781344 ____A (Microsoft Corporation) C:\Windows\System32\PresentationNative_v0300.dll
2013-05-05 20:57 - 2013-05-05 20:57 - 00622080 ____A (Microsoft Corporation) C:\Windows\System32\icardagt.exe
2013-05-05 20:57 - 2013-05-05 20:57 - 00326160 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
2013-05-05 20:57 - 2013-05-05 20:57 - 00105016 ____A (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-05-05 20:57 - 2013-05-05 20:57 - 00097800 ____A (Microsoft Corporation) C:\Windows\System32\infocardapi.dll
2013-05-05 20:57 - 2013-05-05 20:57 - 00043544 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHostProxy.dll
2013-05-05 20:57 - 2013-05-05 20:57 - 00037384 ____A (Microsoft Corporation) C:\Windows\System32\infocardcpl.cpl
2013-05-05 20:57 - 2013-05-05 20:57 - 00011264 ____A (Microsoft Corporation) C:\Windows\System32\icardres.dll
2013-05-05 20:46 - 2013-05-05 20:54 - 35061760 ____A C:\Windows\ocsetup_install_NetFx3.etl
2013-05-05 20:46 - 2013-05-05 20:54 - 00196608 ____A C:\Windows\ocsetup_cbs_install_NetFx3.perf
2013-05-05 20:46 - 2013-05-05 20:54 - 00065536 ____A C:\Windows\ocsetup_cbs_install_NetFx3.dpx
2013-05-05 18:33 - 2013-05-05 18:33 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\mscoree.dll
2013-05-05 18:33 - 2013-05-05 18:33 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\mscorier.dll
2013-05-05 18:33 - 2013-05-05 18:33 - 00096760 ____A (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2013-05-05 18:33 - 2013-05-05 18:33 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\mscories.dll
2013-05-05 18:33 - 2013-05-05 18:33 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\netfxperf.dll
2013-05-04 16:41 - 2013-05-04 16:41 - 00000000 ____D C:\Users\Marcus\Desktop\mbar-1.05.0.1001
2013-05-04 16:41 - 2013-05-04 16:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-04 16:40 - 2013-05-04 16:40 - 12917756 ____A C:\Users\Marcus\Desktop\mbar-1.05.0.1001.zip
2013-05-03 20:29 - 2013-05-03 20:29 - 00001078 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-03 16:30 - 2013-05-03 16:30 - 00002005 ____A C:\Users\Marcus\Desktop\aswMBR.txt
2013-05-03 16:30 - 2013-05-03 16:30 - 00000512 ____A C:\Users\Marcus\Desktop\MBR.dat
2013-05-03 16:09 - 2013-05-03 16:09 - 04745728 ____A (AVAST Software) C:\Users\Marcus\Desktop\aswMBR.exe
2013-04-29 17:14 - 2013-04-29 17:14 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-04-29 17:14 - 2013-04-29 17:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-04-27 21:50 - 2013-04-27 21:50 - 03503584 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-04-27 21:50 - 2013-04-27 21:50 - 03469280 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-27 21:50 - 2013-04-27 21:50 - 00654336 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
2013-04-27 21:50 - 2013-04-27 21:50 - 00549888 ____A (Microsoft Corporation) C:\Windows\System32\rpcss.dll
2013-04-27 21:50 - 2013-04-27 21:50 - 00220672 ____A (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codecp.acm
2013-04-27 21:50 - 2013-04-27 21:50 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\sdohlp.dll
2013-04-27 21:50 - 2013-04-27 21:50 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\iasrecst.dll
2013-04-27 21:50 - 2013-04-27 21:50 - 00062464 ____A (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2013-04-27 21:50 - 2013-04-27 21:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\iasads.dll
2013-04-27 21:50 - 2013-04-27 21:50 - 00037888 ____A (Microsoft Corporation) C:\Windows\System32\iasdatastore.dll
2013-04-27 21:50 - 2013-04-27 21:50 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelineprxy.dll
2013-04-27 21:49 - 2013-04-27 21:49 - 00815104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-04-27 21:49 - 2013-04-27 21:49 - 00512000 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-27 21:49 - 2013-04-27 21:49 - 00213592 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2013-04-27 21:49 - 2013-04-27 21:49 - 00179712 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2013-04-27 21:49 - 2013-04-27 21:49 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\tcpipcfg.dll
2013-04-27 21:49 - 2013-04-27 21:49 - 00025088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tunnel.sys
2013-04-27 21:49 - 2013-04-27 21:49 - 00022016 ____A (Microsoft Corporation) C:\Windows\System32\netiougc.exe
2013-04-27 21:49 - 2013-04-27 21:49 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TUNMP.SYS
2013-04-27 21:48 - 2013-04-27 21:48 - 00875520 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-04-27 21:48 - 2013-04-27 21:48 - 00712704 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-04-27 21:48 - 2013-04-27 21:48 - 00425472 ____A (Microsoft Corporation) C:\Windows\System32\PhotoMetadataHandler.dll
2013-04-27 21:48 - 2013-04-27 21:48 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-04-27 21:48 - 2013-04-27 21:48 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\amxread.dll
2013-04-27 21:48 - 2013-04-27 21:48 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\apilogen.dll
2013-04-27 21:47 - 2013-04-27 21:47 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-04-27 21:47 - 2013-04-27 21:47 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-04-27 21:46 - 2013-04-27 21:46 - 02031104 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-27 21:46 - 2013-04-27 21:46 - 00313344 ____A (Microsoft Corporation) C:\Windows\System32\wmpdxm.dll
2013-04-27 21:46 - 2013-04-27 21:46 - 00113664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys
2013-04-27 21:46 - 2013-04-27 21:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\msdxm.tlb
2013-04-27 21:46 - 2013-04-27 21:46 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\amcompat.tlb
2013-04-27 21:46 - 2013-04-27 21:46 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\wshrm.dll
2013-04-27 21:45 - 2013-04-27 21:45 - 00523776 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe
2013-04-27 21:45 - 2013-04-27 21:45 - 00515584 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate.exe
2013-04-27 21:45 - 2013-04-27 21:45 - 00473088 ____A (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll
2013-04-27 21:45 - 2013-04-27 21:45 - 00472576 ____A (Microsoft Corporation) C:\Windows\System32\secproc.dll
2013-04-27 21:45 - 2013-04-27 21:45 - 00435712 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp.exe
2013-04-27 21:45 - 2013-04-27 21:45 - 00431104 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp_isv.exe
2013-04-27 21:45 - 2013-04-27 21:45 - 00312320 ____A (Microsoft Corporation) C:\Windows\System32\msdrm.dll
2013-04-27 21:45 - 2013-04-27 21:45 - 00154624 ____A (Microsoft Corporation) C:\Windows\System32\secproc_ssp_isv.dll
2013-04-27 21:45 - 2013-04-27 21:45 - 00154112 ____A (Microsoft Corporation) C:\Windows\System32\secproc_ssp.dll
2013-04-27 21:44 - 2013-04-27 21:44 - 00558080 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2013-04-27 21:44 - 2013-04-27 21:44 - 00162816 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
2013-04-27 21:44 - 2013-04-27 21:44 - 00084480 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
2013-04-27 21:44 - 2013-04-27 21:44 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
2013-04-27 21:44 - 2013-04-27 21:44 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\sbunattend.exe
2013-04-27 21:43 - 2013-04-27 21:43 - 04247552 ____A (Microsoft) C:\Windows\System32\GameUXLegacyGDFs.dll
2013-04-27 21:43 - 2013-04-27 21:43 - 01686528 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-04-27 21:43 - 2013-04-27 21:43 - 00028672 ____A (Microsoft Corporation) C:\Windows\System32\Apphlpdm.dll
2013-04-27 21:42 - 2013-04-27 21:42 - 00996352 ____A (Microsoft Corporation) C:\Windows\System32\WMNetMgr.dll
2013-04-27 21:42 - 2013-04-27 21:42 - 00094720 ____A (Microsoft Corporation) C:\Windows\System32\logagent.exe
2013-04-27 21:41 - 2013-04-27 21:41 - 00148992 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
2013-04-27 21:40 - 2013-04-27 21:40 - 00737792 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2013-04-27 21:40 - 2013-04-27 21:40 - 00084480 ____A (Microsoft Corporation) C:\Windows\System32\INETRES.dll
2013-04-27 21:40 - 2013-04-27 21:40 - 00060928 ____A (Microsoft Corporation) C:\Windows\System32\msasn1.dll
2013-04-27 21:39 - 2013-04-27 21:39 - 01645568 ____A (Microsoft Corporation) C:\Windows\System32\connect.dll
2013-04-27 21:37 - 2013-04-27 21:37 - 00788992 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-04-27 21:37 - 2013-04-27 21:37 - 00130048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-04-27 21:36 - 2013-04-27 21:36 - 00321536 ____A (Microsoft Corporation) C:\Windows\System32\WSDApi.dll
2013-04-27 21:36 - 2013-04-27 21:36 - 00274432 ____A (Microsoft Corporation) C:\Windows\System32\raschap.dll
2013-04-27 21:36 - 2013-04-27 21:36 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\rastls.dll
2013-04-27 21:35 - 2013-04-27 21:35 - 01341440 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-04-27 21:35 - 2013-04-27 21:35 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml6r.dll
2013-04-27 21:34 - 2013-04-27 21:34 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\iyuv_32.dll
2013-04-27 21:34 - 2013-04-27 21:34 - 00022528 ____A (Microsoft Corporation) C:\Windows\System32\msyuv.dll
2013-04-27 21:34 - 2013-04-27 21:34 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\tsbyuv.dll
2013-04-27 21:33 - 2013-04-27 21:33 - 01327616 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2013-04-27 21:33 - 2013-04-27 21:33 - 00123904 ____A (Microsoft Corporation) C:\Windows\System32\msvfw32.dll
2013-04-27 21:33 - 2013-04-27 21:33 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\avifil32.dll
2013-04-27 21:33 - 2013-04-27 21:33 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\mciavi32.dll
2013-04-27 21:33 - 2013-04-27 21:33 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\avicap32.dll
2013-04-27 21:33 - 2013-04-27 21:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\msvidc32.dll
2013-04-27 21:33 - 2013-04-27 21:33 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msrle32.dll
2013-04-27 21:31 - 2013-04-27 21:31 - 00604672 ____A (Microsoft Corporation) C:\Windows\System32\WMSPDMOD.DLL
2013-04-27 21:30 - 2013-04-27 21:30 - 10622464 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-04-27 21:30 - 2013-04-27 21:30 - 08147968 ____A (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2013-04-27 21:30 - 2013-04-27 21:30 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\spwmp.dll
2013-04-27 21:30 - 2013-04-27 21:30 - 00004096 ____A (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
2013-04-27 21:30 - 2013-04-27 21:30 - 00004096 ____A (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
2013-04-27 21:29 - 2013-04-27 21:29 - 00311296 ____A (Microsoft Corporation) C:\Windows\System32\unregmp2.exe
2013-04-26 21:13 - 2013-04-26 21:13 - 00008256 ____A C:\Users\Marcus\Desktop\combofix.txt
2013-04-26 21:12 - 2013-04-26 21:12 - 00008256 ____A C:\ComboFix.txt
2013-04-26 20:47 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
2013-04-26 20:47 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
2013-04-26 20:47 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-04-26 20:47 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-04-26 20:47 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-04-26 20:47 - 2000-08-31 01:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2013-04-26 20:47 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
2013-04-26 20:47 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
2013-04-26 20:47 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
2013-04-26 20:29 - 2013-04-26 21:12 - 00000000 ____D C:\Qoobox
2013-04-26 20:28 - 2013-04-26 21:10 - 00000000 ____D C:\Windows\erdnt
2013-04-26 20:27 - 2013-04-26 20:27 - 05059946 ____R (Swearware) C:\Users\Marcus\Desktop\ComboFix.exe
2013-04-26 20:21 - 2013-04-26 20:21 - 00007320 ____A C:\Users\Marcus\Desktop\AdwCleaner[S1].txt
2013-04-26 20:15 - 2013-04-26 20:16 - 00007320 ____A C:\AdwCleaner[S1].txt
2013-04-26 20:15 - 2013-04-26 20:16 - 00000097 ____A C:\Windows\DeleteOnReboot.bat
2013-04-26 20:05 - 2013-04-26 20:05 - 00619461 ____A C:\Users\Marcus\Desktop\adwcleaner.exe
2013-04-25 21:40 - 2013-04-25 21:40 - 00001593 ____A C:\Users\Public\Desktop\Browserwahl.lnk
2013-04-24 22:31 - 2013-04-24 22:31 - 00023163 ____A C:\Users\Marcus\Desktop\gmer.txt
2013-04-24 17:03 - 2013-04-24 17:03 - 00171520 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-04-24 17:01 - 2013-04-24 17:01 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\browserchoice.exe
2013-04-24 16:59 - 2013-04-24 16:59 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\cabview.dll
2013-04-24 16:57 - 2013-04-24 16:57 - 00396800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2013-04-24 16:57 - 2013-04-24 16:57 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\httpapi.dll
2013-04-24 16:57 - 2013-04-24 16:57 - 00024064 ____A (Microsoft Corporation) C:\Windows\System32\nshhttp.dll
2013-04-24 16:53 - 2013-04-24 16:53 - 00282796 ____A C:\Windows\msxml4-KB954430-enu.LOG
2013-04-24 16:51 - 2013-04-24 16:51 - 00290058 ____A C:\Windows\msxml4-KB973688-enu.LOG
2013-04-24 16:10 - 2013-04-24 16:10 - 00138912 ____A C:\Windows\Minidump\Mini042413-01.dmp
2013-04-22 21:15 - 2013-03-12 00:10 - 00237088 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-22 21:13 - 2013-04-22 21:13 - 00377856 ____A C:\Users\Marcus\Desktop\gmer_2.1.19163.exe
2013-04-22 20:47 - 2013-04-22 20:47 - 00041948 ____A C:\Users\Marcus\Desktop\Extras.Txt
2013-04-22 20:41 - 2013-04-26 21:34 - 00064338 ____A C:\Users\Marcus\Desktop\OTL.Txt
2013-04-22 20:23 - 2013-04-22 20:23 - 00602112 ____A (OldTimer Tools) C:\Users\Marcus\Desktop\OTL.exe
2013-04-22 20:21 - 2013-04-22 20:23 - 00000474 ____A C:\Users\Marcus\Desktop\defogger_disable.log
2013-04-22 20:21 - 2013-04-22 20:21 - 00000000 ____A C:\Users\Marcus\defogger_reenable
2013-04-22 20:20 - 2013-04-22 20:20 - 00050477 ____A C:\Users\Marcus\Desktop\Defogger.exe
2013-04-22 20:20 - 2013-04-22 20:20 - 00000000 ____D C:\Windows\System32\searchplugins
2013-04-22 20:20 - 2013-04-22 20:20 - 00000000 ____D C:\Windows\System32\Extensions
2013-04-22 20:20 - 2013-04-22 20:20 - 00000000 ____D C:\Program Files\7-Zip
2013-04-22 20:19 - 2013-04-22 20:19 - 00000000 ____D C:\ProgramData\BrowserProtect
2013-04-22 20:19 - 2013-04-22 20:19 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-04-22 20:18 - 2013-04-22 20:18 - 00162056 ____A () C:\Users\Marcus\Desktop\7ZipSetup.exe

==================== One Month Modified Files and Folders ========

2013-05-12 16:37 - 2013-05-12 16:37 - 00000000 ____D C:\FRST
2013-05-12 15:30 - 2006-11-02 14:01 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-12 15:30 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-12 15:29 - 2006-11-02 13:47 - 00003072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-12 15:29 - 2006-11-02 13:47 - 00003072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-12 15:27 - 2008-03-23 10:34 - 00000420 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{B19B3ABA-0AF6-4490-8E0D-9518C23D1A00}.job
2013-05-12 14:38 - 2008-03-23 10:17 - 01396488 ____A C:\Windows\WindowsUpdate.log
2013-05-12 14:16 - 2006-11-02 11:33 - 01488910 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-12 14:04 - 2008-03-23 13:34 - 00055302 ____A C:\Users\Marcus\AppData\Roaming\nvModes.001
2013-05-06 20:02 - 2013-05-06 20:02 - 00211968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2013-05-06 20:02 - 2013-05-06 20:02 - 00102400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2013-05-06 20:02 - 2013-05-06 20:02 - 00058368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2013-05-06 20:02 - 2007-10-23 01:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-06 20:00 - 2013-05-06 20:00 - 00268800 ____A (Microsoft Corporation) C:\Windows\System32\es.dll
2013-05-06 19:59 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-06 19:58 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Common Files\System
2013-05-06 19:58 - 2006-11-02 11:23 - 00000386 ____A C:\Windows\win.ini
2013-05-06 19:30 - 2006-11-02 13:52 - 00071348 ____A C:\Windows\setupact.log
2013-05-06 19:27 - 2006-11-02 13:50 - 00000749 __RAH C:\Windows\WindowsShell.Manifest
2013-05-06 19:27 - 2006-11-02 13:50 - 00000174 __ASH C:\Users\Public\desktop.ini
2013-05-06 19:27 - 2006-11-02 13:50 - 00000174 __ASH C:\users\desktop.ini
2013-05-06 19:27 - 2006-11-02 13:50 - 00000174 __ASH C:\Program Files\desktop.ini
2013-05-06 19:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-05-05 21:53 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2013-05-05 21:53 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Movie Maker
2013-05-05 21:53 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-05-05 21:50 - 2013-05-05 21:50 - 06067200 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 03599360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 02452872 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-05 21:50 - 2013-05-05 21:50 - 01830912 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-05 21:50 - 2013-05-05 21:50 - 01383424 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-05 21:50 - 2013-05-05 21:50 - 01168384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00832512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00671232 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00477696 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00459264 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00389120 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-05 21:50 - 2013-05-05 21:50 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00380928 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00268288 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00214528 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00124928 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00078336 ____A (Microsoft Corporation) C:\Windows\System32\ieencode.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00072704 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-05 21:50 - 2013-05-05 21:50 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00056320 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-05 21:50 - 2013-05-05 21:50 - 00026624 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-05 21:46 - 2013-05-05 21:46 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\IPSECSVC.DLL
2013-05-05 21:46 - 2013-05-05 21:46 - 00272896 ____A (Microsoft Corporation) C:\Windows\System32\polstore.dll
2013-05-05 21:46 - 2013-05-05 21:46 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\winipsec.dll
2013-05-05 21:46 - 2013-05-05 21:46 - 00028672 ____A (Microsoft Corporation) C:\Windows\System32\FwRemoteSvr.dll
2013-05-05 21:45 - 2013-05-05 21:45 - 00241152 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceApi.dll
2013-05-05 21:45 - 2013-05-05 21:45 - 00160768 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceTypes.dll
2013-05-05 21:45 - 2013-05-05 21:45 - 00095232 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceClassExtension.dll
2013-05-05 21:43 - 2013-05-05 21:43 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\netiohlp.dll
2013-05-05 21:43 - 2013-05-05 21:43 - 00027136 ____A (Microsoft Corporation) C:\Windows\System32\NETSTAT.EXE
2013-05-05 21:43 - 2013-05-05 21:43 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\ARP.EXE
2013-05-05 21:43 - 2013-05-05 21:43 - 00017920 ____A (Microsoft Corporation) C:\Windows\System32\ROUTE.EXE
2013-05-05 21:43 - 2013-05-05 21:43 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2013-05-05 21:43 - 2013-05-05 21:43 - 00011264 ____A (Microsoft Corporation) C:\Windows\System32\MRINFO.EXE
2013-05-05 21:43 - 2013-05-05 21:43 - 00010240 ____A (Microsoft Corporation) C:\Windows\System32\finger.exe
2013-05-05 21:43 - 2013-05-05 21:43 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
2013-05-05 21:43 - 2013-05-05 21:43 - 00008704 ____A (Microsoft Corporation) C:\Windows\System32\HOSTNAME.EXE
2013-05-05 21:41 - 2013-05-05 21:41 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2013-05-05 21:41 - 2013-05-05 21:41 - 00110080 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2013-05-05 21:40 - 2013-05-05 21:40 - 01657350 ____A C:\Windows\System32\wlan.tmf
2013-05-05 21:40 - 2013-05-05 21:40 - 00502272 ____A (Microsoft Corporation) C:\Windows\System32\wlansvc.dll
2013-05-05 21:40 - 2013-05-05 21:40 - 00297984 ____A (Microsoft Corporation) C:\Windows\System32\wlansec.dll
2013-05-05 21:40 - 2013-05-05 21:40 - 00290816 ____A (Microsoft Corporation) C:\Windows\System32\wlanmsm.dll
2013-05-05 21:40 - 2013-05-05 21:40 - 00123904 ____A (Microsoft Corporation) C:\Windows\System32\L2SecHC.dll
2013-05-05 21:40 - 2013-05-05 21:40 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\wlanhlp.dll
2013-05-05 21:40 - 2013-05-05 21:40 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\wlanapi.dll
2013-05-05 21:39 - 2013-05-05 21:39 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2013-05-05 21:37 - 2013-05-05 21:37 - 02855424 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2013-05-05 21:37 - 2013-05-05 21:37 - 02433536 ____A (Microsoft Corporation) C:\Windows\System32\WMVCORE.DLL
2013-05-05 21:37 - 2013-05-05 21:37 - 00098816 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2013-05-05 21:37 - 2013-05-05 21:37 - 00052736 ____A (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe
2013-05-05 21:37 - 2013-05-05 21:37 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2013-05-05 21:37 - 2013-05-05 21:37 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\mferror.dll
2013-05-05 21:36 - 2013-05-05 21:36 - 00376832 ____A (Microsoft Corporation) C:\Windows\System32\winhttp.dll
2013-05-05 21:34 - 2013-05-05 21:34 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-05 21:33 - 2013-05-05 21:33 - 00297472 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-05-05 21:32 - 2013-05-05 21:32 - 01060920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-05-05 21:32 - 2013-05-05 21:32 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\monitor.sys
2013-05-05 21:30 - 2013-05-05 21:30 - 00500736 ____A (Microsoft Corporation) C:\Windows\System32\msdtcprx.dll
2013-05-05 21:30 - 2013-05-05 21:30 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\xolehlp.dll
2013-05-05 21:29 - 2013-05-05 21:29 - 00156160 ____A (Microsoft Corporation) C:\Windows\System32\wkssvc.dll
2013-05-05 21:28 - 2013-05-05 21:28 - 00303616 ____A (Microsoft Corporation) C:\Windows\System32\wmpeffects.dll
2013-05-05 21:26 - 2013-05-05 21:26 - 01194496 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-05-05 21:26 - 2013-05-05 21:26 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2013-05-05 21:25 - 2013-05-05 21:25 - 00713728 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2013-05-05 21:24 - 2013-05-05 21:24 - 00425472 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2013-05-05 21:20 - 2013-05-05 21:20 - 01244672 ____A (Microsoft Corporation) C:\Windows\System32\mcmde.dll
2013-05-05 21:20 - 2013-05-05 21:20 - 00428032 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2013-05-05 21:20 - 2013-05-05 21:20 - 00292352 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2013-05-05 21:20 - 2013-05-05 21:20 - 00217088 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2013-05-05 21:20 - 2013-05-05 21:20 - 00177152 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
2013-05-05 21:20 - 2013-05-05 21:20 - 00080896 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
2013-05-05 21:20 - 2013-05-05 21:20 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
2013-05-05 21:20 - 2013-05-05 21:20 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
2013-05-05 21:17 - 2013-05-05 21:17 - 11315712 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-05 21:15 - 2013-05-05 21:15 - 00696832 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2013-05-05 21:14 - 2013-05-05 21:14 - 00211000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2013-05-05 21:14 - 2013-05-05 21:14 - 00154624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys
2013-05-05 21:14 - 2013-05-05 21:14 - 00110136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2013-05-05 21:14 - 2013-05-05 21:14 - 00045112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pciidex.sys
2013-05-05 21:14 - 2013-05-05 21:14 - 00021560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\atapi.sys
2013-05-05 21:14 - 2013-05-05 21:14 - 00017976 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\intelide.sys
2013-05-05 21:13 - 2013-05-05 21:13 - 01233920 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-05-05 21:13 - 2013-05-05 21:13 - 00494592 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-05-05 21:13 - 2013-05-05 21:13 - 00408136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-05-05 21:13 - 2013-05-05 21:13 - 00272384 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-05-05 21:13 - 2013-05-05 21:13 - 00175104 ____A (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2013-05-05 21:13 - 2013-05-05 21:13 - 00072704 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-05-05 21:13 - 2013-05-05 21:13 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-05-05 21:12 - 2013-05-05 21:12 - 00024064 ____A (Microsoft Corporation) C:\Windows\System32\netcfg.exe
2013-05-05 20:57 - 2013-05-05 20:57 - 00781344 ____A (Microsoft Corporation) C:\Windows\System32\PresentationNative_v0300.dll
2013-05-05 20:57 - 2013-05-05 20:57 - 00622080 ____A (Microsoft Corporation) C:\Windows\System32\icardagt.exe
2013-05-05 20:57 - 2013-05-05 20:57 - 00326160 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
2013-05-05 20:57 - 2013-05-05 20:57 - 00105016 ____A (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-05-05 20:57 - 2013-05-05 20:57 - 00097800 ____A (Microsoft Corporation) C:\Windows\System32\infocardapi.dll
2013-05-05 20:57 - 2013-05-05 20:57 - 00043544 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHostProxy.dll
2013-05-05 20:57 - 2013-05-05 20:57 - 00037384 ____A (Microsoft Corporation) C:\Windows\System32\infocardcpl.cpl
2013-05-05 20:57 - 2013-05-05 20:57 - 00011264 ____A (Microsoft Corporation) C:\Windows\System32\icardres.dll
2013-05-05 20:54 - 2013-05-05 20:46 - 35061760 ____A C:\Windows\ocsetup_install_NetFx3.etl
2013-05-05 20:54 - 2013-05-05 20:46 - 00196608 ____A C:\Windows\ocsetup_cbs_install_NetFx3.perf
2013-05-05 20:54 - 2013-05-05 20:46 - 00065536 ____A C:\Windows\ocsetup_cbs_install_NetFx3.dpx
2013-05-05 18:33 - 2013-05-05 18:33 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\mscoree.dll
2013-05-05 18:33 - 2013-05-05 18:33 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\mscorier.dll
2013-05-05 18:33 - 2013-05-05 18:33 - 00096760 ____A (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2013-05-05 18:33 - 2013-05-05 18:33 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\mscories.dll
2013-05-05 18:33 - 2013-05-05 18:33 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\netfxperf.dll
2013-05-05 18:25 - 2008-03-23 10:21 - 00000000 ____D C:\Users\Marcus\AppData\Local\Google
2013-05-05 17:51 - 2008-03-23 13:24 - 00055302 ____A C:\Users\Marcus\AppData\Roaming\nvModes.dat
2013-05-04 17:44 - 2008-03-23 10:21 - 00133416 ____A C:\Users\Marcus\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-04 17:29 - 2007-10-16 09:09 - 00161170 ____A C:\Windows\PFRO.log
2013-05-04 17:29 - 2006-11-02 13:47 - 00465208 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-04 17:10 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-05-04 16:41 - 2013-05-04 16:41 - 00000000 ____D C:\Users\Marcus\Desktop\mbar-1.05.0.1001
2013-05-04 16:41 - 2013-05-04 16:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-04 16:40 - 2013-05-04 16:40 - 12917756 ____A C:\Users\Marcus\Desktop\mbar-1.05.0.1001.zip
2013-05-03 20:29 - 2013-05-03 20:29 - 00001078 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-03 20:28 - 2008-01-01 07:06 - 00000000 ____D C:\Program Files\Google
2013-05-03 16:30 - 2013-05-03 16:30 - 00002005 ____A C:\Users\Marcus\Desktop\aswMBR.txt
2013-05-03 16:30 - 2013-05-03 16:30 - 00000512 ____A C:\Users\Marcus\Desktop\MBR.dat
2013-05-03 16:09 - 2013-05-03 16:09 - 04745728 ____A (AVAST Software) C:\Users\Marcus\Desktop\aswMBR.exe
2013-04-29 17:14 - 2013-04-29 17:14 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-04-29 17:14 - 2013-04-29 17:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-04-28 18:14 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-04-27 21:50 - 2013-04-27 21:50 - 03503584 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-04-27 21:50 - 2013-04-27 21:50 - 03469280 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-27 21:50 - 2013-04-27 21:50 - 00654336 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
2013-04-27 21:50 - 2013-04-27 21:50 - 00549888 ____A (Microsoft Corporation) C:\Windows\System32\rpcss.dll
2013-04-27 21:50 - 2013-04-27 21:50 - 00220672 ____A (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codecp.acm
2013-04-27 21:50 - 2013-04-27 21:50 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\sdohlp.dll
2013-04-27 21:50 - 2013-04-27 21:50 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\iasrecst.dll
2013-04-27 21:50 - 2013-04-27 21:50 - 00062464 ____A (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2013-04-27 21:50 - 2013-04-27 21:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\iasads.dll
2013-04-27 21:50 - 2013-04-27 21:50 - 00037888 ____A (Microsoft Corporation) C:\Windows\System32\iasdatastore.dll
2013-04-27 21:50 - 2013-04-27 21:50 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelineprxy.dll
2013-04-27 21:49 - 2013-04-27 21:49 - 00815104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-04-27 21:49 - 2013-04-27 21:49 - 00512000 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-27 21:49 - 2013-04-27 21:49 - 00213592 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2013-04-27 21:49 - 2013-04-27 21:49 - 00179712 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2013-04-27 21:49 - 2013-04-27 21:49 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\tcpipcfg.dll
2013-04-27 21:49 - 2013-04-27 21:49 - 00025088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tunnel.sys
2013-04-27 21:49 - 2013-04-27 21:49 - 00022016 ____A (Microsoft Corporation) C:\Windows\System32\netiougc.exe
2013-04-27 21:49 - 2013-04-27 21:49 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TUNMP.SYS
2013-04-27 21:48 - 2013-04-27 21:48 - 00875520 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-04-27 21:48 - 2013-04-27 21:48 - 00712704 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-04-27 21:48 - 2013-04-27 21:48 - 00425472 ____A (Microsoft Corporation) C:\Windows\System32\PhotoMetadataHandler.dll
2013-04-27 21:48 - 2013-04-27 21:48 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-04-27 21:48 - 2013-04-27 21:48 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\amxread.dll
2013-04-27 21:48 - 2013-04-27 21:48 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\apilogen.dll
2013-04-27 21:47 - 2013-04-27 21:47 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-04-27 21:47 - 2013-04-27 21:47 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-04-27 21:46 - 2013-04-27 21:46 - 02031104 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-27 21:46 - 2013-04-27 21:46 - 00313344 ____A (Microsoft Corporation) C:\Windows\System32\wmpdxm.dll
2013-04-27 21:46 - 2013-04-27 21:46 - 00113664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys
2013-04-27 21:46 - 2013-04-27 21:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\msdxm.tlb
2013-04-27 21:46 - 2013-04-27 21:46 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\amcompat.tlb
2013-04-27 21:46 - 2013-04-27 21:46 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\wshrm.dll
2013-04-27 21:45 - 2013-04-27 21:45 - 00523776 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe
2013-04-27 21:45 - 2013-04-27 21:45 - 00515584 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate.exe
2013-04-27 21:45 - 2013-04-27 21:45 - 00473088 ____A (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll
2013-04-27 21:45 - 2013-04-27 21:45 - 00472576 ____A (Microsoft Corporation) C:\Windows\System32\secproc.dll
2013-04-27 21:45 - 2013-04-27 21:45 - 00435712 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp.exe
2013-04-27 21:45 - 2013-04-27 21:45 - 00431104 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp_isv.exe
2013-04-27 21:45 - 2013-04-27 21:45 - 00312320 ____A (Microsoft Corporation) C:\Windows\System32\msdrm.dll
2013-04-27 21:45 - 2013-04-27 21:45 - 00154624 ____A (Microsoft Corporation) C:\Windows\System32\secproc_ssp_isv.dll
2013-04-27 21:45 - 2013-04-27 21:45 - 00154112 ____A (Microsoft Corporation) C:\Windows\System32\secproc_ssp.dll
2013-04-27 21:44 - 2013-04-27 21:44 - 00558080 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2013-04-27 21:44 - 2013-04-27 21:44 - 00162816 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
2013-04-27 21:44 - 2013-04-27 21:44 - 00084480 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
2013-04-27 21:44 - 2013-04-27 21:44 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
2013-04-27 21:44 - 2013-04-27 21:44 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\sbunattend.exe
2013-04-27 21:43 - 2013-04-27 21:43 - 04247552 ____A (Microsoft) C:\Windows\System32\GameUXLegacyGDFs.dll
2013-04-27 21:43 - 2013-04-27 21:43 - 01686528 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-04-27 21:43 - 2013-04-27 21:43 - 00028672 ____A (Microsoft Corporation) C:\Windows\System32\Apphlpdm.dll
2013-04-27 21:42 - 2013-04-27 21:42 - 00996352 ____A (Microsoft Corporation) C:\Windows\System32\WMNetMgr.dll
2013-04-27 21:42 - 2013-04-27 21:42 - 00094720 ____A (Microsoft Corporation) C:\Windows\System32\logagent.exe
2013-04-27 21:41 - 2013-04-27 21:41 - 00148992 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
2013-04-27 21:40 - 2013-04-27 21:40 - 00737792 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2013-04-27 21:40 - 2013-04-27 21:40 - 00084480 ____A (Microsoft Corporation) C:\Windows\System32\INETRES.dll
2013-04-27 21:40 - 2013-04-27 21:40 - 00060928 ____A (Microsoft Corporation) C:\Windows\System32\msasn1.dll
2013-04-27 21:39 - 2013-04-27 21:39 - 01645568 ____A (Microsoft Corporation) C:\Windows\System32\connect.dll
2013-04-27 21:37 - 2013-04-27 21:37 - 00788992 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-04-27 21:37 - 2013-04-27 21:37 - 00130048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-04-27 21:36 - 2013-04-27 21:36 - 00321536 ____A (Microsoft Corporation) C:\Windows\System32\WSDApi.dll
2013-04-27 21:36 - 2013-04-27 21:36 - 00274432 ____A (Microsoft Corporation) C:\Windows\System32\raschap.dll
2013-04-27 21:36 - 2013-04-27 21:36 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\rastls.dll
2013-04-27 21:35 - 2013-04-27 21:35 - 01341440 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-04-27 21:35 - 2013-04-27 21:35 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml6r.dll
2013-04-27 21:34 - 2013-04-27 21:34 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\iyuv_32.dll
2013-04-27 21:34 - 2013-04-27 21:34 - 00022528 ____A (Microsoft Corporation) C:\Windows\System32\msyuv.dll
2013-04-27 21:34 - 2013-04-27 21:34 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\tsbyuv.dll
2013-04-27 21:33 - 2013-04-27 21:33 - 01327616 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2013-04-27 21:33 - 2013-04-27 21:33 - 00123904 ____A (Microsoft Corporation) C:\Windows\System32\msvfw32.dll
2013-04-27 21:33 - 2013-04-27 21:33 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\avifil32.dll
2013-04-27 21:33 - 2013-04-27 21:33 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\mciavi32.dll
2013-04-27 21:33 - 2013-04-27 21:33 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\avicap32.dll
2013-04-27 21:33 - 2013-04-27 21:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\msvidc32.dll
2013-04-27 21:33 - 2013-04-27 21:33 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msrle32.dll
2013-04-27 21:31 - 2013-04-27 21:31 - 00604672 ____A (Microsoft Corporation) C:\Windows\System32\WMSPDMOD.DLL
2013-04-27 21:30 - 2013-04-27 21:30 - 10622464 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-04-27 21:30 - 2013-04-27 21:30 - 08147968 ____A (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2013-04-27 21:30 - 2013-04-27 21:30 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\spwmp.dll
2013-04-27 21:30 - 2013-04-27 21:30 - 00004096 ____A (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
2013-04-27 21:30 - 2013-04-27 21:30 - 00004096 ____A (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
2013-04-27 21:29 - 2013-04-27 21:29 - 00311296 ____A (Microsoft Corporation) C:\Windows\System32\unregmp2.exe
2013-04-26 21:34 - 2013-04-22 20:41 - 00064338 ____A C:\Users\Marcus\Desktop\OTL.Txt
2013-04-26 21:13 - 2013-04-26 21:13 - 00008256 ____A C:\Users\Marcus\Desktop\combofix.txt
2013-04-26 21:12 - 2013-04-26 21:12 - 00008256 ____A C:\ComboFix.txt
2013-04-26 21:12 - 2013-04-26 20:29 - 00000000 ____D C:\Qoobox
2013-04-26 21:12 - 2006-11-02 12:18 - 00000000 __RHD C:\users\Default
2013-04-26 21:12 - 2006-11-02 12:18 - 00000000 ___RD C:\users\Public
2013-04-26 21:10 - 2013-04-26 20:28 - 00000000 ____D C:\Windows\erdnt
2013-04-26 21:07 - 2006-11-02 11:23 - 00000215 ____A C:\Windows\system.ini
2013-04-26 21:05 - 2006-11-02 11:22 - 43515904 ____A C:\Windows\System32\config\SOFTWARE.bak
2013-04-26 21:05 - 2006-11-02 11:22 - 19660800 ____A C:\Windows\System32\config\SYSTEM.bak
2013-04-26 21:05 - 2006-11-02 11:22 - 10747904 ____A C:\Windows\System32\config\COMPON~1.bak
2013-04-26 21:05 - 2006-11-02 11:22 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-04-26 21:05 - 2006-11-02 11:22 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2013-04-26 21:05 - 2006-11-02 11:22 - 00262144 ____A C:\Windows\System32\config\DEFAULT.bak
2013-04-26 20:27 - 2013-04-26 20:27 - 05059946 ____R (Swearware) C:\Users\Marcus\Desktop\ComboFix.exe
2013-04-26 20:21 - 2013-04-26 20:21 - 00007320 ____A C:\Users\Marcus\Desktop\AdwCleaner[S1].txt
2013-04-26 20:16 - 2013-04-26 20:15 - 00007320 ____A C:\AdwCleaner[S1].txt
2013-04-26 20:16 - 2013-04-26 20:15 - 00000097 ____A C:\Windows\DeleteOnReboot.bat
2013-04-26 20:05 - 2013-04-26 20:05 - 00619461 ____A C:\Users\Marcus\Desktop\adwcleaner.exe
2013-04-25 21:40 - 2013-04-25 21:40 - 00001593 ____A C:\Users\Public\Desktop\Browserwahl.lnk
2013-04-24 22:31 - 2013-04-24 22:31 - 00023163 ____A C:\Users\Marcus\Desktop\gmer.txt
2013-04-24 17:03 - 2013-04-24 17:03 - 00171520 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-04-24 17:01 - 2013-04-24 17:01 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\browserchoice.exe
2013-04-24 17:01 - 2007-10-23 01:33 - 00000000 ____D C:\Program Files\Microsoft Works
2013-04-24 16:59 - 2013-04-24 16:59 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\cabview.dll
2013-04-24 16:57 - 2013-04-24 16:57 - 00396800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2013-04-24 16:57 - 2013-04-24 16:57 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\httpapi.dll
2013-04-24 16:57 - 2013-04-24 16:57 - 00024064 ____A (Microsoft Corporation) C:\Windows\System32\nshhttp.dll
2013-04-24 16:53 - 2013-04-24 16:53 - 00282796 ____A C:\Windows\msxml4-KB954430-enu.LOG
2013-04-24 16:51 - 2013-04-24 16:51 - 00290058 ____A C:\Windows\msxml4-KB973688-enu.LOG
2013-04-24 16:10 - 2013-04-24 16:10 - 00138912 ____A C:\Windows\Minidump\Mini042413-01.dmp
2013-04-24 16:10 - 2012-10-06 14:53 - 00000000 ____D C:\Windows\Minidump
2013-04-24 16:09 - 2012-10-06 14:53 - 291601370 ____A C:\Windows\MEMORY.DMP
2013-04-22 21:13 - 2013-04-22 21:13 - 00377856 ____A C:\Users\Marcus\Desktop\gmer_2.1.19163.exe
2013-04-22 20:47 - 2013-04-22 20:47 - 00041948 ____A C:\Users\Marcus\Desktop\Extras.Txt
2013-04-22 20:23 - 2013-04-22 20:23 - 00602112 ____A (OldTimer Tools) C:\Users\Marcus\Desktop\OTL.exe
2013-04-22 20:23 - 2013-04-22 20:21 - 00000474 ____A C:\Users\Marcus\Desktop\defogger_disable.log
2013-04-22 20:21 - 2013-04-22 20:21 - 00000000 ____A C:\Users\Marcus\defogger_reenable
2013-04-22 20:21 - 2008-03-23 10:20 - 00000000 ____D C:\users\Marcus
2013-04-22 20:20 - 2013-04-22 20:20 - 00050477 ____A C:\Users\Marcus\Desktop\Defogger.exe
2013-04-22 20:20 - 2013-04-22 20:20 - 00000000 ____D C:\Windows\System32\searchplugins
2013-04-22 20:20 - 2013-04-22 20:20 - 00000000 ____D C:\Windows\System32\Extensions
2013-04-22 20:20 - 2013-04-22 20:20 - 00000000 ____D C:\Program Files\7-Zip
2013-04-22 20:19 - 2013-04-22 20:19 - 00000000 ____D C:\ProgramData\BrowserProtect
2013-04-22 20:19 - 2013-04-22 20:19 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-04-22 20:18 - 2013-04-22 20:18 - 00162056 ____A () C:\Users\Marcus\Desktop\7ZipSetup.exe
2013-04-22 20:16 - 2008-03-23 10:37 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Google
2013-04-22 20:16 - 2008-01-01 07:06 - 00000000 ____D C:\ProgramData\Google

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2007-10-16 14:33] - [2007-10-16 14:33] - 2923520 ____A (Microsoft Corporation) 6D06CD98D954FE87FB2DB8108793B399

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-22 21:14:55
Restore point made on: 2013-04-24 16:47:49
Restore point made on: 2013-04-27 21:27:35
Restore point made on: 2013-04-28 18:49:26
Restore point made on: 2013-04-29 17:13:05
Restore point made on: 2013-05-03 13:56:46
Restore point made on: 2013-05-04 16:58:57
Restore point made on: 2013-05-05 18:18:58
Restore point made on: 2013-05-06 19:56:00
Restore point made on: 2013-05-12 14:37:06

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3069.81 MB
Available physical RAM: 2638.48 MB
Total Pagefile: 2852.52 MB
Available Pagefile: 2697.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.71 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:126.37 GB) (Free:56.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:22.66 GB) (Free:12.62 GB) FAT32
Drive e: (MEDHOPRDEU) (CDROM) (Total:2.39 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:7.47 GB) (Free:6.04 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows Vista) (Size: 149 GB) (Disk ID: 08DB956A)
Partition 1: (Not Active) - (Size=23 GB) - (Type=OF Extended)
Partition 2: (Active) - (Size=126 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


Last Boot: 2013-05-12 14:09

==================== End Of Log ============================

finish :)

aharonov 12.05.2013 16:22

Very good. Let's continue; this should be finished soon.


Step 1

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:

:files
C:\ProgramData\BrowserProtect

:commands
[emptytemp]

  • If you have obscured your user name, e.g. with "*****", insert your real user name at the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    ( Also to be found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread.



Step 2

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.




Step 3

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




Step 4

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.



Step 5

Please start OTL.exe.
  • Tick Scan all Users.
  • Click the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



Please post in your next reply:
  • Fix log from OTL
  • Log from MBAM
  • Log from ESET
  • Log from SecurityCheck
  • Log from OTL

SGC2013 12.05.2013 17:40

IS IT SUPPOSED TO BE LIKE THIS ... ???

File\Folder C:\ProgramData\BrowserProtect not found.???


All processes killed
========== FILES ==========
File\Folder C:\ProgramData\BrowserProtect not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Marcus
->Temp folder emptied: 102771712 bytes
->Temporary Internet Files folder emptied: 27613514 bytes
->Flash cache emptied: 833 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1215180 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 126,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05122013_183250

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JET60D4.tmp not found!
File\Folder C:\Windows\temp\JET862F.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

aharonov 12.05.2013 18:05

Just continue with the next step.

SGC2013 12.05.2013 19:00

nothing found !!!


Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download

Datenbank Version: v2013.05.12.05

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Marcus :: MARCUS-PC [Administrator]

12.05.2013 19:46:30
mbam-log-2013-05-12 (19-46-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212809
Laufzeit: 11 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

aharonov 12.05.2013 21:45

Ok, it looks good so far.

SGC2013 13.05.2013 21:14

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=84803bff00e3cb4eb07c4bba580238df
# engine=13813
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-12 07:12:16
# local_time=2013-05-12 09:12:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=5892 16776574 100 100 1214110 205918664 0 0
# scanned=68653
# found=0
# cleaned=0
# scan_time=3938
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=84803bff00e3cb4eb07c4bba580238df
# engine=13821
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-13 06:25:42
# local_time=2013-05-13 08:25:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=5892 16776574 100 100 85842 206002270 0 0
# scanned=164826
# found=0
# cleaned=0
# scan_time=9337

aharonov 14.05.2013 13:37

Only steps 4 and 5 are still missing.

SGC2013 14.05.2013 16:18

Results of screen317's Security Check version 0.99.63
Windows Vista x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java(TM) 6 Update 3
Java version out of Date!
Adobe Reader 8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

OTL Logfile:
Code:

OTL logfile created on: 14.05.2013 17:19:56 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Marcus\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 53,95% Memory free
6,17 Gb Paging File | 4,87 Gb Available in Paging File | 78,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126,37 Gb Total Space | 52,52 Gb Free Space | 41,56% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,62 Gb Free Space | 55,69% Space Free | Partition Type: FAT32
Drive F: | 2,39 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARCUS-PC | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.05 22:50:14 | 000,634,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2013.05.05 22:50:09 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieuser.exe
PRC - [2013.05.04 17:38:20 | 000,308,368 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013.04.27 22:44:46 | 001,232,896 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2013.04.22 21:23:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.01.01 08:07:03 | 000,776,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2008.01.01 08:07:03 | 000,228,864 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopCrawl.exe
PRC - [2007.11.02 13:35:42 | 002,564,096 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
PRC - [2007.11.02 13:31:24 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe
PRC - [2007.11.02 13:31:08 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe
PRC - [2007.10.31 13:35:58 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.10.17 16:42:40 | 000,128,296 | ---- | M] (CyberLink) -- C:\Programme\HomeCinema\Power2Go\CLMLSvc.exe
PRC - [2007.10.15 10:15:08 | 001,410,344 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.10.15 10:14:48 | 000,202,024 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 16:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2007.09.07 09:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2007.09.06 11:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
PRC - [2007.08.31 11:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2007.04.19 13:11:08 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.04.19 13:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe
PRC - [2007.02.09 21:51:34 | 000,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Programme\HomeCinema\PowerDVD\PDVDServ.exe
PRC - [2006.12.26 11:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
PRC - [2006.11.14 15:47:54 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Programme\Common Files\aol\1230201501\ee\aolsoftware.exe
PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Programme\Common Files\aol\acs\AOLacsd.exe
PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.11.03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.11.03 16:51:26 | 000,039,712 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2007.11.02 13:36:16 | 000,048,208 | ---- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll
MOD - [2007.11.02 13:35:42 | 002,564,096 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
MOD - [2007.11.02 13:28:16 | 000,434,176 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll
MOD - [2007.11.02 13:28:04 | 001,077,248 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll
MOD - [2007.11.02 13:27:48 | 000,532,480 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll
MOD - [2007.11.02 13:27:40 | 000,061,440 | ---- | M] () -- C:\Programme\Softex\OmniPass\scuredll.dll
MOD - [2007.11.02 13:27:28 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll
MOD - [2007.11.02 13:27:26 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll
MOD - [2007.10.17 16:42:42 | 000,013,096 | ---- | M] () -- C:\Programme\HomeCinema\Power2Go\CLMLSvcPS.dll
MOD - [2007.10.17 16:42:30 | 000,636,200 | ---- | M] () -- C:\Programme\HomeCinema\Power2Go\CLMediaLibrary.dll
MOD - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.01.01 08:07:04 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2007.11.02 13:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.09.18 12:19:02 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.04.19 13:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Programme\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)
SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\x10ufx2.sys -- (XUIF)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2007.12.18 12:31:00 | 007,630,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.08.30 20:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007.08.28 16:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007.08.22 19:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007.08.08 08:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.08.06 13:30:18 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2007.07.31 11:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.06.01 10:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2007.05.25 09:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007.05.25 09:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2007.04.30 13:42:14 | 000,081,408 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.11.01 22:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA_deDE533
IE - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
 
[2013.04.22 21:19:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2013.04.26 22:07:30 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\aol\1230201501\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKU\S-1-5-21-4224337704-570406217-1902100241-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-4224337704-570406217-1902100241-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197719312979 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBB45861-79BD-4D58-A980-3EC0AE2A0BF8}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.11.02 22:00:00 | 000,000,043 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.12 19:44:03 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Malwarebytes
[2013.05.12 19:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.12 19:43:32 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.12 19:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.12 18:41:27 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Marcus\Desktop\mbam-setup-1.75.0.1300.exe
[2013.05.12 18:26:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.12 17:37:06 | 000,000,000 | ---D | C] -- C:\FRST
[2013.05.04 17:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.04 17:41:09 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Desktop\mbar-1.05.0.1001
[2013.05.03 17:09:10 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Marcus\Desktop\aswMBR.exe
[2013.04.26 22:12:40 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\temp
[2013.04.26 22:07:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.26 21:47:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.26 21:47:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.26 21:47:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2013.04.26 21:47:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.26 21:29:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.26 21:28:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.26 21:27:03 | 005,059,946 | R--- | C] (Swearware) -- C:\Users\Marcus\Desktop\ComboFix.exe
[2013.04.22 21:23:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2013.04.22 21:20:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013.04.22 21:20:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013.04.22 21:20:04 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Local Settings
[2013.04.22 21:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.04.22 21:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.04.22 21:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Users\Marcus\Desktop\*.tmp files -> C:\Users\Marcus\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.14 17:08:05 | 000,055,302 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\nvModes.001
[2013.05.14 17:07:37 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.14 17:07:37 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.14 17:07:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.14 17:06:35 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.13 22:22:34 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.13 22:22:34 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.13 22:21:08 | 000,465,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.13 22:17:53 | 000,890,825 | ---- | M] () -- C:\Users\Marcus\Desktop\SecurityCheck.exe
[2013.05.13 18:09:20 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B19B3ABA-0AF6-4490-8E0D-9518C23D1A00}.job
[2013.05.12 19:43:36 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.12 18:41:38 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Marcus\Desktop\mbam-setup-1.75.0.1300.exe
[2013.05.12 18:31:26 | 000,055,302 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\nvModes.dat
[2013.05.12 15:16:54 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.12 15:16:54 | 000,121,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.05 22:40:38 | 001,657,350 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2013.05.05 21:54:27 | 035,061,760 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2013.05.05 21:54:27 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2013.05.05 21:54:27 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2013.05.04 17:40:14 | 012,917,756 | ---- | M] () -- C:\Users\Marcus\Desktop\mbar-1.05.0.1001.zip
[2013.05.03 21:29:20 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.03 17:30:10 | 000,000,512 | ---- | M] () -- C:\Users\Marcus\Desktop\MBR.dat
[2013.05.03 17:09:12 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Marcus\Desktop\aswMBR.exe
[2013.04.26 22:07:30 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.26 21:27:31 | 005,059,946 | R--- | M] (Swearware) -- C:\Users\Marcus\Desktop\ComboFix.exe
[2013.04.26 21:16:11 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.26 21:05:43 | 000,619,461 | ---- | M] () -- C:\Users\Marcus\Desktop\adwcleaner.exe
[2013.04.25 22:40:30 | 000,001,593 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2013.04.24 17:09:34 | 291,601,370 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.22 22:13:05 | 000,377,856 | ---- | M] () -- C:\Users\Marcus\Desktop\gmer_2.1.19163.exe
[2013.04.22 21:23:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2013.04.22 21:21:12 | 000,000,000 | ---- | M] () -- C:\Users\Marcus\defogger_reenable
[2013.04.22 21:20:39 | 000,050,477 | ---- | M] () -- C:\Users\Marcus\Desktop\Defogger.exe
[2013.04.22 21:18:35 | 000,162,056 | ---- | M] () -- C:\Users\Marcus\Desktop\7ZipSetup.exe
[1 C:\Users\Marcus\Desktop\*.tmp files -> C:\Users\Marcus\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.13 22:17:51 | 000,890,825 | ---- | C] () -- C:\Users\Marcus\Desktop\SecurityCheck.exe
[2013.05.12 19:43:36 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.05 22:40:38 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2013.05.05 21:46:32 | 035,061,760 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2013.05.05 21:46:32 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2013.05.05 21:46:32 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2013.05.04 17:40:01 | 012,917,756 | ---- | C] () -- C:\Users\Marcus\Desktop\mbar-1.05.0.1001.zip
[2013.05.03 21:29:20 | 000,001,078 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.03 17:30:10 | 000,000,512 | ---- | C] () -- C:\Users\Marcus\Desktop\MBR.dat
[2013.04.26 21:47:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.26 21:47:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.26 21:47:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.26 21:47:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.26 21:47:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.26 21:15:42 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.26 21:05:23 | 000,619,461 | ---- | C] () -- C:\Users\Marcus\Desktop\adwcleaner.exe
[2013.04.25 22:40:30 | 000,001,593 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2013.04.22 22:13:02 | 000,377,856 | ---- | C] () -- C:\Users\Marcus\Desktop\gmer_2.1.19163.exe
[2013.04.22 21:21:12 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\defogger_reenable
[2013.04.22 21:20:37 | 000,050,477 | ---- | C] () -- C:\Users\Marcus\Desktop\Defogger.exe
[2013.04.22 21:18:02 | 000,162,056 | ---- | C] () -- C:\Users\Marcus\Desktop\7ZipSetup.exe
[2009.03.01 18:47:14 | 000,019,433 | ---- | C] () -- C:\Users\Marcus\Kontakte_Handy K800i.ods
[2008.12.27 00:12:09 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Default.PLS
[2008.12.25 23:13:23 | 000,000,680 | ---- | C] () -- C:\Users\Marcus\AppData\Local\d3d9caps.dat
[2008.05.17 18:25:50 | 170,713,244 | ---- | C] () -- C:\Users\Marcus\TempImage.nrg
[2008.03.23 14:34:29 | 000,055,302 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\nvModes.001
[2008.03.23 14:24:19 | 000,055,302 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\nvModes.dat
[2008.03.23 14:22:15 | 000,036,864 | ---- | C] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.23 14:20:54 | 000,009,682 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\wklnhst.dat
[2008.03.23 11:21:06 | 000,000,094 | ---- | C] () -- C:\Users\Marcus\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.05.05 22:17:22 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013.04.27 22:50:44 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 11:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.12.24 11:57:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\AAV
[2008.03.23 11:40:31 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Buhl Data Service GmbH
[2011.05.22 10:41:04 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\BullGuard
[2010.07.25 11:40:52 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\MAGIX
[2010.09.26 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Sonavis
[2011.07.03 19:34:59 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\temp
[2008.03.23 22:33:52 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Template
[2008.03.23 15:39:02 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Ulead Systems
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---
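The OTL report above is what a helper on this board reads by eye: autostart entries, trusted-zone additions, ActiveX downloads, DNS settings, Winlogon values. The following is an added example, not part of the original thread and not the OTL tool's own code; it encodes a few of those triage rules over lines copied from the log above. The rules themselves and the allow-list of vendor hosts are this example's own assumptions.

```python
"""Triage helper for OTL (OldTimer's List-It) log lines.

Added example for this thread; it is not part of the OTL tool or of the posts.
It applies, in code, a few of the checks a log helper applies by eye when reading
an OTL report: autostart entries whose binary carries no company name, entries that
point at files OTL could not find, Internet Explorer trusted-zone additions, ActiveX
(DPF) downloads from an unexpected host, a non-private DHCP name server, and a
Winlogon UserInit value with anything appended to userinit.exe.
"""
import ipaddress
import re
from dataclasses import dataclass

# Assumption of this example: the vendor hosts a clean O16 (DPF) section references.
KNOWN_DPF_HOSTS = {"java.sun.com", "fpdownload.macromedia.com", "www.update.microsoft.com"}

# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O15 - HKU\S-1-5-21-4224337704-570406217-1902100241-1003\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
"""


@dataclass
class Finding:
    section: str  # the OTL section prefix, e.g. "O4"
    reason: str
    line: str


_O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^()]*)\)\s*$")
_O16_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\} (?P<url>\S+) \((?P<desc>.*)\)\s*$")
_O17_RE = re.compile(r"^O17 - .*DhcpNameServer = (?P<servers>.+)$")
_O20_USERINIT_RE = re.compile(r"^O20 - HKLM Winlogon: UserInit - \((?P<value>[^)]*)\)")


def _host_of(url: str) -> str:
    """Return the host part of an OTL-style URL (OTL writes hxxp:// to defang links)."""
    rest = url.split("://", 1)[1] if "://" in url else url
    return rest.split("/", 1)[0].lower()


def triage_line(line: str):
    """Return a Finding for one OTL line, or None if the line looks benign."""
    section = line.split(" - ", 1)[0]
    if "File not found" in line:
        # Registry entry whose target is gone: leftover of a removed program, or of
        # malware that was deleted but never unregistered. Harmless, but worth cleaning.
        return Finding(section, "registry entry points at a missing file", line)
    if section == "O4":
        m = _O4_RE.match(line)
        if m and not m.group("company").strip():
            return Finding(section, f"autostart [{m.group('name')}] has no company name; verify the binary", line)
    elif section == "O15":
        # Trusted-zone additions lower IE's security settings for the listed sites.
        return Finding(section, "Internet Explorer trusted-zone entry", line)
    elif section == "O16":
        m = _O16_RE.match(line)
        if m:
            if m.group("desc").startswith("Reg Error"):
                return Finding(section, "DPF entry with broken registry data", line)
            if _host_of(m.group("url")) not in KNOWN_DPF_HOSTS:
                return Finding(section, f"ActiveX download from unexpected host {_host_of(m.group('url'))}", line)
    elif section == "O17":
        m = _O17_RE.match(line)
        if m:
            for server in re.split(r"[ ,]+", m.group("servers").strip()):
                try:
                    if not ipaddress.ip_address(server).is_private:
                        return Finding(section, f"DNS server {server} is outside the local network", line)
                except ValueError:
                    return Finding(section, f"unparsable DNS server value {server!r}", line)
    elif section == "O20":
        m = _O20_USERINIT_RE.match(line)
        if m:
            entries = [e.strip() for e in m.group("value").split(",") if e.strip()]
            # The default is a single userinit.exe; anything appended also runs at logon.
            if len(entries) != 1 or not entries[0].lower().endswith("\\userinit.exe"):
                return Finding(section, "UserInit has extra entries: " + m.group("value"), line)
    return None


def triage(text: str):
    """Run triage_line over a whole OTL report and collect the findings."""
    return [f for f in (triage_line(l) for l in text.strip().splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

On the sample, the two O4 entries without a company name, the dangling eBay button and igfxcui notify entry, the trusted-zone entry and the broken Flash DPF entry are reported; the NVIDIA autostart, the Java DPF entry, the private DHCP name server and the default UserInit value pass. A finding is a prompt to verify, not a verdict: unsigned OEM utilities such as the Launch Manager entries are common, and the hash of the file is what settles it.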

aharonov 14.05.2013 19:04

The SecurityCheck log does not look good at all. Two service packs are missing, and the rest of the software is completely outdated too. Surfing like this is extremely dangerous!


Step 1
  • Please go to Start --> All Programs --> Windows Update.
  • Then click Check for updates on the left and wait until the search has finished.
  • Then click Install updates.
  • Restart the computer once the installation has finished.
  • Repeat these steps until no more new updates are available.



Step 2

Your Java is no longer up to date. Older versions contain security holes that malware can abuse to infect the system via drive-by download.

The current version is Java 7 Update 21.
  • Go to
    Start --> Control Panel --> Programs and Features (on Vista / Win 7)
    Start --> Control Panel --> Add or Remove Programs (on Win XP)
    and uninstall all older Java versions.
Java is only really needed in a few cases. New, not yet patched security holes are also exploited again and again.
So think about whether you really need a Java installation.
If you want to keep using Java, then:
  • Download the latest Java version.
  • Close all running programs, especially the browser.
  • Run the downloaded jxpiinstall.exe and follow the instructions.
  • During the installation, untick "Install the Ask Toolbar ...".



Step 3

The version of your Adobe PDF Reader is outdated; we need to update it:
  • Please uninstall your current version of Adobe Reader via
    Start --> Control Panel --> Add or Remove Programs (on Windows XP)
    Start --> Control Panel --> Programs and Features (on Vista / Windows 7)
  • Visit this page from Adobe.
  • If offered, untick McAfee Security Scan or Google Chrome.
  • Click Download now and install the latest version.



Step 4
  • Run SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and "Run as administrator"
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.



Please post in your next reply:
  • SecurityCheck log

SGC2013 14.05.2013 20:44

Oh ... this is going to take a while, I'm noticing right now.

How can I actually set Firefox to update automatically without all my bookmarks disappearing (because of the update)?

aharonov 14.05.2013 20:50

The bookmarks shouldn't really disappear when Firefox updates...

SGC2013 20.05.2013 19:12

Unfortunately I'm still at Step 1!!
It takes forever ... I sit in front of it for 2 hours every day and do nothing but download updates .. crazy!!

aharonov 20.05.2013 19:31

Yes, quite a lot was still missing there..

SGC2013 21.05.2013 18:15

Results of screen317's Security Check version 0.99.63
Windows Vista x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Reader 10.1.4 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

aharonov 21.05.2013 18:24

The service packs are apparently still missing. That's not good..


Note: No antivirus program

I don't see a running antivirus program with a real-time guard in your log files.

That is dangerous. Even though such a guard can never block every threat, it is still an important component for keeping the computer clean.
Please download and install an antivirus program with a real-time guard. Here are two possible suggestions:



Step 1

Download Service Pack 1 for Windows Vista and install it.



Step 2

Download Service Pack 2 for Windows Vista and install it.



Step 3
  • Run SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and "Run as administrator"
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.



Please post in your next reply:
  • SecurityCheck log

SGC2013 21.05.2013 18:53

Tell me, SecurityCheck.exe can always be used, right?
Then I can also quickly run it on my other computer?

aharonov 21.05.2013 18:58

Yes, you can. But the warnings it gives are not always correct.

SGC2013 21.05.2013 19:01

Can you take a look? Everything here should be fine, right?

Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 21
Adobe Flash Player 11.7.700.202
Adobe Reader XI
Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

aharonov 21.05.2013 19:07

Yes, looks good.
But not yet on the other (Vista) machine..

SGC2013 21.05.2013 19:16

Service Pack 1 is downloading right now

aharonov 21.05.2013 20:04

OK.

SGC2013 22.05.2013 18:40

Results of screen317's Security Check version 0.99.63
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Reader 10.1.4 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

aharonov 22.05.2013 18:48

Now it looks better. Install the current Internet Explorer, and then we'll clean up.


Step 1

Download and install Internet Explorer 9.
Internet Explorer should be kept up to date even if it isn't used for surfing.



Cleanup

Finally, we will now clear away our tools (including the quarantine folders), delete the infected system restore points and restore all settings. These steps are still important and should be carried out in the given order.
  1. Start defogger and click the Re-enable button.
  2. Now temporarily disable the antivirus program, rename the Combofix.exe on your desktop so that "Combofix" in the file name becomes Uninstall, and run it with a double-click.
  3. I would strongly recommend keeping MBAM and running a quick scan weekly. If you don't want to keep using it, you can now uninstall it normally via the Control Panel.
  4. You can also keep the ESET Online Scanner to scan your system with it now and then (monthly) for a second opinion. If you want to uninstall ESET, you can also do that via the Control Panel.
  5. In any case, please download DelFix to your desktop.
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • DelFix removes, among other things, all the programs we used and then deletes itself.
  6. If anything is still left over, you can simply delete it manually.




>> OK <<
We're done; your logs look clean to me at the moment.

Below I have put together a few notes and tips that should help you not to need our help again in the future.

Afterwards, please give me a short reply confirming that there are no open problems or questions on your side either, so that I can consider this topic resolved.




Epilogue: Tips, Dos & Don'ts

Keeping the system and software up to date

The Windows operating system absolutely must always be up to date. Make sure that automatic updates are enabled:
  • Windows XP: Start --> Control Panel --> double-click Automatic Updates
  • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off

The installed software should also always be the latest version.
This applies especially to the browser, Java, Flash Player and PDF reader, because known security holes in their old versions are exploited to install malware via drive-by download just by visiting a prepared website. That can even happen on normally legitimate websites if an attacker has managed to inject his code into the page, and is therefore fairly unpredictable.
  • With this small plugin check you can regularly check these components for currency.
  • Also make sure that old versions that are no longer used are uninstalled.
  • Optional: The program Secunia Personal Software Inspector can help you always use the current versions of all installed software.

Security software

One remark up front: every software solution has its weaknesses. Shifting the entire responsibility for security onto software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file).
Nevertheless, such software is of course important and, combined with a well-maintained (up-to-date) system and sensible behaviour, helps you keep your computer clean.
  • Use a virus scanner with a real-time guard and an always-current database. Which product you choose does not matter that much. There are commercial versions, but a free scanner with the basic functions such as Avast! Free Antivirus should be sufficient. But never run two guards in parallel; they would get in each other's way.
  • Enable a firewall. The one built into Windows is normally perfectly sufficient.
  • In addition to the virus scanner, you can regularly scan your system with an on-demand anti-malware program. The free version of Malwarebytes Anti-Malware is recommended. Update the database before every scan.
  • Optional: The program Sandboxie runs applications in an isolated environment ("sandbox") so that no changes can be made to the system. If you start your browser in it, the chance that malware picked up while surfing can settle permanently in the system is reduced.
  • Optional: The add-on WOT (Web of Trust) warns you about a website reported as malicious before it is loaded. Available for various browsers.

It is in the nature of things that the most widespread application software is also the one most often attacked by malware authors. Using alternative software (e.g. an alternative PDF reader) can therefore already be a small security gain.
Instead of Internet Explorer you can, for example, use Mozilla Firefox, for which two useful add-ons are recommended:
  • NoScript blocks the execution of active content (Java, JavaScript, Flash, ..) for all websites by default. You can decide yourself, following a whitelist principle, which sites you trust and want to allow scripts for, also temporarily.
  • Adblock Plus blocks most advertising banners. Besides being annoying, such banners can also act as sources of infection.

(Un)safe behaviour on the Internet

Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user himself.

Visiting shady websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner does not detect a threat in them at the moment, that need not mean anything.
  • Illegal cracks, keygens and serials are an extremely easy (and popular) way to spread malware.
  • With files from peer-to-peer and file-sharing programs or from file hosters, you can never be sure whether they really contain what the label says.

Often an attempt is also made, with more or less tricky methods, to get the user to carry out an action himself that is fatal for him (umbrella term: social engineering).
  • Surf carefully and don't let elements that somehow look interesting tempt you into a hasty click. Don't be fooled by pop-ups that look like system or virus messages.
  • Be sceptical of unexpected e-mails, especially if they contain attachments. Even if they look authentic at first glance, contain personal data of yours or supposedly come from a known sender: better think it over calmly or ask, instead of just opening links or executable attachments or entering your data somewhere.
  • Malicious links or files can also make the rounds on social networks or via instant messaging systems. If you receive a message from one of your friends that is odd or sounds so sensationally interesting or scandalous that you just have to click on it, then curiosity has probably won out over reason on their side, and you should not make the same mistake.
  • Have file extensions displayed so you are not fooled when an executable file is disguised with a double extension, e.g. Nacktfoto.jpg.exe.

Annoying adware (advertising) and unnecessary toolbars are also usually installed by the user himself.
  • As first priority, always download software directly from the manufacturer. Many software portals (e.g. Softonic) bundle useless stuff into the installation. Alternatively, choose a clean portal such as Filepony or heise.
  • When installing software, always choose the custom option and untick all optionally offered toolbars or other additions irrelevant to the program.

General notes

Finally, a few basic remarks:
  • Your user account for everyday use should not have administrator rights. Use an account with limited rights (Windows XP) or enable User Account Control (UAC) at the highest level (Windows Vista / 7).
  • Make regular backups of your data and documents on external media, at least two copies for important files. Not only a malware infection can cause painful data loss, but also an ordinary hard disk failure.
  • The Autorun/Autoplay function poses a risk, because it allows an infection to jump to the computer, for example when an infected USB stick is plugged in. Consider whether you would rather disable this function.
  • Choose your passwords according to the usual rules to be better protected against brute-force and dictionary attacks. Use each of your passwords only once and change them regularly.
  • The benefit of registry cleaners for improving performance is disputed. In any case, great damage can be done with them if you don't know what you are doing. We therefore recommend keeping your hands off the registry. To delete temporary files from time to time, TFC is sufficient.

If you like, you can support the forum with a small donation.
All that remains for me is to wish you carefree and safe surfing, and that we won't see each other here again any time soon. ;)

aharonov 03.06.2013 00:59

This topic appears to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications of new replies.
Should you need the topic again, please send me a PM and we'll continue here.

Everyone else, please read these instructions and create your own thread.


All times are WET +1.

Copyright ©2000-2025, Trojaner-Board

